Nextendweb Nextend Facebook Connect vulnerabilities
2 known vulnerabilities affecting nextendweb/nextend_facebook_connect.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2014-8800P4MEDIUMCVSS 4.3PoC≤ 1.5.02014-12-05
CVE-2014-8800 [MEDIUM] CWE-79 CVE-2014-8800: Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Co
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
nvd
CVE-2025-58031P4MEDIUMCVSS 6.5≤ 3.1.192025-09-22
CVE-2025-58031 [MEDIUM] CWE-79 CVE-2025-58031: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through <= 3.1.19.
nvd