CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

82 matches found

The Hacker News•added 2026/04/10 6:28 a.m.•2 views

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...

6.8AI score

Exploits0

RedhatCVE•added 2026/01/07 9:11 a.m.•6 views

CVE-2025-1061

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.7AI score0.00148EPSS

Exploits0References1

CNVD•added 2025/12/03 12:0 a.m.•2 views

WordPress Nextend Social Login and Register plugin cross-site request forgery vulnerability

WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...

4.3CVSS6.8AI score0.00011EPSS

Exploits0References1

Patchstack•added 2025/11/29 12:12 a.m.•5 views

WordPress Nextend Social Login and Register plugin <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login vulnerability

Cross-Site Request Forgery to Unlink User Social Login vulnerability discovered by type5afe in WordPress Plugin Nextend Facebook Connect versions = 3.1.21...

4.3CVSS6.7AI score0.00011EPSS

Exploits0References1Affected Software1

NVD•added 2025/11/28 4:16 a.m.•4 views

CVE-2025-13737

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS0.00011EPSS

Exploits0References3

EUVD•added 2025/11/28 3:27 a.m.•3 views

EUVD-2025-199854

4.3CVSS4.8AI score0.00011EPSS

Exploits0References4

Cvelist•added 2025/11/28 3:27 a.m.•2 views

CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login

4.3CVSS0.00011EPSS

Exploits0References3

CVE•added 2025/11/28 3:27 a.m.•8 views

CVE-2025-13737

The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...

4.3CVSS4.9AI score0.00011EPSS

Exploits0References3