Vulnerabilidades em nextendweb
11 resultadosCVE-2024-9893CRITICALNextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth providerEPSS 0.6%CVE-2025-1061CRITICALNextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth providerEPSS 0.6%CVE-2026-9197MEDIUMSmart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML ExportEPSS 0.6%CVE-2026-34424CRITICALSmart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access ToolkitEPSS 0.6%CVE-2026-3098MEDIUMSmart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAllEPSS 0.5%CVE-2024-1775MEDIUMNextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_descriptionEPSS 0.4%CVE-2026-4065MEDIUMSmart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record ManipulationEPSS 0.4%CVE-2025-6348MEDIUMSmart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` ParameterEPSS 0.4%CVE-2024-3027MEDIUMSmart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File UploadEPSS 0.3%CVE-2025-58031MEDIUMWordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%CVE-2025-13737MEDIUMNextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social LoginEPSS 0.1%