Lucene search
+L

82 matches found

redhatcve
redhatcve
added 2025/09/24 6:31 p.m.4 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
nvd
nvd
added 2025/09/22 7:16 p.m.6 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS0.00196EPSS
Exploits0References1
patchstack
patchstack
added 2025/09/22 6:54 p.m.8 views

WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Nextend Facebook Connect versions = 3.1.19...

6.5CVSS6AI score0.00196EPSS
Exploits0Affected Software1
cve
cve
added 2025/09/22 6:23 p.m.20 views

CVE-2025-58031

CVE-2025-58031 corresponds to a Stored Cross-Site Scripting vulnerability in the Nextend Facebook Connect plugin for WordPress. Affected versions are Nextend Facebook Connect up to 3.1.19, with root cause described as Improper Neutralization of Input During Web Page Generation. The connected Word...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/22 6:23 p.m.1 views

CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/22 6:23 p.m.12 views

CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS0.00196EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/09/22 12:0 a.m.3 views

PT-2025-38880

Name of the Vulnerable Software and Affected Versions Nextendweb Nextend Facebook Connect versions through 3.1.19 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that maliciou...

6.5CVSS6.1AI score0.00196EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/09/22 12:0 a.m.4 views

WordPress plugin Nextend Facebook Connect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 9:39 a.m.32 views

CVE-2024-1775

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS6.2AI score0.00373EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:46 p.m.8 views

CVE-2022-45843

Auth. contributor+ Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin = 3.5.1.9 versions...

5.4CVSS6.1AI score0.00383EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:44 p.m.7 views

CVE-2022-45845

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9...

8.8CVSS8AI score0.00538EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/25 11:12 a.m.9 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS9.5AI score0.00388EPSS
Exploits0References2
cvelist
cvelist
added 2025/04/25 11:12 a.m.20 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS0.00388EPSS
Exploits0References2
nvd
nvd
added 2025/02/07 2:15 a.m.26 views

CVE-2025-1061

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS0.0064EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/02/07 1:41 a.m.11 views

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.8AI score0.0064EPSS
Exploits0References3
cvelist
cvelist
added 2025/02/07 1:41 a.m.32 views

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS0.0064EPSS
Exploits0References3
cve
cve
added 2025/02/07 1:41 a.m.128 views

CVE-2025-1061

CVE-2025-1061 (Nextend Social Login Pro, WordPress) is an authentication bypass vulnerability in versions up to and including 3.1.16 caused by insufficient verification of the user during the Apple OAuth authenticate request. This allows unauthenticated attackers to log in as an existing user (e....

9.8CVSS8.9AI score0.0064EPSS
Exploits0References3
patchstack
patchstack
added 2025/02/06 11:43 p.m.7 views

WordPress Nextend Social Login Pro plugin <= 3.1.16 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin Nextend Social Login Pro versions = 3.1.16...

9.8CVSS6.8AI score0.0064EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/02/05 4:35 a.m.9 views

CVE-2024-9893

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.1AI score0.00645EPSS
Exploits0References1
nvd
nvd
added 2024/10/16 2:15 p.m.10 views

CVE-2024-9893

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS0.00645EPSS
Exploits0References3
Rows per page
Query Builder