CVE-2025-1061
Published: 07 February 2025
Description
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Security Summary
CVE-2025-1061 is an authentication bypass vulnerability affecting the Nextend Social Login Pro plugin for WordPress in versions up to and including 3.1.16. The issue stems from insufficient verification of the user supplied during the Apple OAuth authentication request processed by the plugin, as identified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no privileges required. By supplying a manipulated user during the Apple OAuth flow, attackers who have access to an existing user's email—such as an administrator—can log in as that user, potentially gaining full control over the WordPress site.
Mitigation details are available in vendor advisories, including the Nextend Social Login Pro addon changelog at https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/ and Apple provider documentation at https://nextendweb.com/nextend-social-login-docs/provider-apple/. Additional analysis is provided by Wordfence at https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve. Security practitioners should update to a patched version beyond 3.1.16 and review Apple OAuth configurations.
Details
- CWE(s)