WordPress Plugin Vulnerabilities

Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)

Description

The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
nextend-facebook-connect
Fixed in 1.5.8

References

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
Aimad-Eddine Gaboune (aimadnet)
Submitter twitter
aimadnet
Verified
No
WPVDB ID
281fe3cc-7079-403e-83d6-8b7e8811edbc

Timeline

Publicly Published
2016-03-15 (about 10 years ago)
Added
2016-03-15 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-12-23
Title
GiveWP < 4.13.2 - Cross-Site Request Forgery
Published
2022-05-16
Title
Discy < 5.2 - Settings Update via CSRF
Published
2025-10-15
Title
Reloadly <= 2.0.1 - Cross-Site Request Forgery
Published
2023-07-17
Title
WooCommerce Ship to Multiple Addresses < 3.8.6 - Cross-Site Request Forgery
Published
2022-12-05
Title
Loginizer <= 1.7.5 - Cross-Site Request Forgery