Vulnerabilities > Nextendweb > Facebook Connect > 1.4.18
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-24 | CVE-2015-4413 | Cross-site Scripting vulnerability in Nextendweb Facebook Connect Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. | 4.3 |