cleantalk
Vulnerabilities and Security Researches

Nextend Social Login and Register, 9d33cb45c6b99122e0c0e635939fd5605cfcfc48

CVE, Research URL

9d33cb45c6b99122e0c0e635939fd5605cfcfc48

Home page URL

Security reports for Nextend Social Login and Register

Application

Nextend Social Login and Register

Published on
Mar 15, 2016
Research Description
Nextend Social Login and Register [nextend-facebook-connect] < 1.5.9 Nextend Facebook Connect <= 1.5.8 - Cross-Site Request Forgery The Nextend Facebook Connect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing nonce validation on the store_settings() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.5.9.
Status
vulnerable
Previous vulnerability researches
Nextend Social Login and Register (CVE-2014-8800) , Jun 07, 2024
Nextend Social Login and Register (CVE-2015-4413) , Jun 07, 2024
Nextend Social Login and Register (9d33cb45c6b99122e0c0e635939fd5605cfcfc48) , Jun 16, 2026
Nextend Social Login and Register (CVE-2024-1775) , Jun 07, 2024
Nextend Social Login and Register (281fe3cc-7079-403e-83d6-8b7e8811edbc) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026