WordPress Plugin Vulnerabilities

Nextend Social Login Pro < 3.1.17 - Authentication Bypass via Apple OAuth provider

Description

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Affects Plugins

Plugin icon
nextend-social-login-pro
Fixed in 3.1.17

References

CVE
CVE-2025-1061
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
225de73a-6ff4-4279-acfc-0a87ca8bee0e

Timeline

Publicly Published
2025-02-06 (about 1 year ago)
Added
2025-02-06 (about 1 year ago)
Last Updated
2025-02-06 (about 1 year ago)

Other

Published
Title
Published
2025-05-06
Title
PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover
Published
2015-04-27
Title
WP Ultimate CSV Importer < 3.7.1 - Directory Traversal
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8 - Cleartext Admin Credentials Disclosure
Published
2025-10-14
Title
OwnID Passwordless Login <= 1.3.4 - Authentication Bypass
Published
2023-11-23
Title
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read