CVE-2025-13737 | Nextend Social Login and Register Plugin up to 3.1.21 on WordPress unlinkUser cross-site request forgery

Inserito da Angelo Barbosa | Nov 27, 2025 | CVE

A vulnerability was found in Nextend Social Login and Register Plugin up to 3.1.21 on WordPress. It has been declared as problematic. This vulnerability affects the function unlinkUser. Such manipulation leads to cross-site request forgery.

This vulnerability is referenced as CVE-2025-13737. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13737 | Nextend Social Login and Register Plugin up to 3.1.21 on WordPress unlinkUser cross-site request forgery

Post correlati

CVE-2024-48904 | Trend Micro Cloud Edge REST API command injection (ZDI-24-1418)

CVE-2024-44778 | vTiger CRM 7.4.0 parent cross site scripting

CVE-2023-44297 | Dell PowerEdge BIOS 1.4.4 unknown vulnerability (dsa-2023-429)

CVE-2022-34561 | PHPFox 4.8.9 video description cross site scripting