Vulnerabilities > Nextendweb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-02 | CVE-2024-1775 | Cross-site Scripting vulnerability in Nextendweb Nextend Social Login The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-03-27 | CVE-2023-0660 | Unspecified vulnerability in Nextendweb Smart Slider 3 The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2023-03-23 | CVE-2022-45843 | Unspecified vulnerability in Nextendweb Smart Slider 3 Auth. | 5.4 |
| 2021-06-14 | CVE-2021-24382 | Unspecified vulnerability in Nextendweb Smart Slider The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. | 5.4 |
| 2018-04-12 | CVE-2015-4557 | Cross-site Scripting vulnerability in Nextendweb Nextend Twitter Connect Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. | 6.1 |