{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1061", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-05T14:44:49.749Z", "datePublished": "2025-02-07T01:41:10.227Z", "dateUpdated": "2026-04-08T16:57:36.508Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:36.508Z"}, "affected": [{"vendor": "nextendweb", "product": "Nextend Social Login Pro", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.16", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."}], "title": "Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve"}, {"url": "https://nextendweb.com/nextend-social-login-docs/provider-apple/"}, {"url": "https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-02-05T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-02-05T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-02-06T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T15:50:55.465727Z", "id": "CVE-2025-1061", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T15:58:52.665Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T15:50:55.465727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T15:51:12.176Z"}}], "cna": {"title": "Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "nextendweb", "product": "Nextend Social Login Pro", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.1.16"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-05T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-02-05T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-02-06T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve"}, {"url": "https://nextendweb.com/nextend-social-login-docs/provider-apple/"}, {"url": "https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/"}], "descriptions": [{"lang": "en", "value": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-02-07T01:41:10.227Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1061", "state": "PUBLISHED", "dateUpdated": "2025-02-07T15:58:52.665Z", "dateReserved": "2025-02-05T14:44:49.749Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-07T01:41:10.227Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."}, {"lang": "es", "value": "El complemento Nextend Social Login Pro para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en versiones hasta la 3.1.16 incluida. Esto se debe a que no se proporciona suficiente verificaci\u00f3n del usuario durante la solicitud de autenticaci\u00f3n de Apple OAuth a trav\u00e9s del complemento. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico."}], "id": "CVE-2025-1061", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-02-07T02:15:29.587", "references": [{"source": "security@wordfence.com", "url": "https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/"}, {"source": "security@wordfence.com", "url": "https://nextendweb.com/nextend-social-login-docs/provider-apple/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T04:17:04.136260+00:00", "value": {"mitigation_remediation": ["Upgrade Nextend Social Login Pro to version 3.1.17 or later, which contains the necessary validation fix.", "If an upgrade is not immediately possible, disable the Apple provider within the plugin\u2019s settings as a temporary workaround until the patch is applied.", "Consider removing or deactivating the entire Nextend Social Login Pro plugin to eliminate the attack surface until a secure version is deployed."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The issue affects the Nextend Social Login Pro plugin for WordPress, versions up to and including 3.1.16. The plugin is distributed by Nextendweb.", "description_and_impact": "The vulnerability allows an attacker to forge an Apple OAuth authentication request that is insufficiently validated by the Nextend Social Login Pro plugin. This flaw enables an unauthenticated attacker to log in as any existing WordPress user\u2014including administrators\u2014provided the attacker knows the user\u2019s email address. Once authenticated, the attacker gains full privileges of that account.", "risk_and_exploitability": "The CVSS score of 9.8 indicates high severity, while the EPSS score of less than 1% suggests a low but non-zero probability of exploitation at this time. The flaw is not listed in the CISA KEV catalog. Attackers can exploit the weakness remotely by crafting a specially crafted request to the Apple OAuth endpoint exposed by the plugin; the likely attack vector is inferred from the description as a remote request that bypasses authentication. Because the bypass is triggered without prior authentication, an attacker could elevate their privileges to that of any existing user on the site."}}}}, "created": "2025-07-13T11:07:25.340937+00:00", "updated": "2026-04-22T04:30:05.311853+00:00", "vendors": ["nextendweb", "nextendweb$PRODUCT$nextend_social_login_pro", "wordpress", "wordpress$PRODUCT$wordpress"]}