Nextend Social Login
cpe:2.3:a:nextendweb:nextend_social_login:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Nextendweb (da1c10d6-feae-5ddb-8d3b-18a68fcd20ef) |
|---|---|
| Product | Nextend Social Login (357b37d7-d85e-5df1-81be-c0ac62879a50) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/pronamic/nextend-social-login-pro | purl2cpe | 2026-06-01 10:12:09.285955 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-1775 | vulnerable | 2026-06-08 06:27:14.472290 | Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description<br>MEDIUM (5.4)<br>The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires "Debug mode" to be enabled in the plugin's "Global Settings".<br>Published: 2024-03-02T07:35:48.322Z<br>Updated: 2026-04-08T16:47:14.468Z | Imported from gcve-enriched-dumps CVE data |