WordPress Plugin Vulnerabilities

Nextend Facebook Connect < 1.5.1 - Cross-Site Scripting (XSS)

Description

The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
nextend-facebook-connect
Fixed in 1.5.1

References

CVE
CVE-2014-8800
Exploitdb
35439

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7777cb0c-a6d5-4f20-bf00-923070156403

Timeline

Publicly Published
2014-02-12 (about 12 years ago)
Added
2014-12-03 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2021-07-05
Title
Magic Post Thumbnail < 3.3.7 - Reflected Cross-Site Scripting (XSS)
Published
2025-04-01
Title
Oracle Cards Lite < 1.2.2 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
Page Health-O-Meter <= 2.0 - Reflected Cross-Site Scripting
Published
2025-04-24
Title
Blog Manager WP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-09-23
Title
Confetti Fall Animation <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode