Tag: oauth

  • CVE-2025-1061: Critical Authentication Bypass in Nextend Social Login Pro via Apple OAuth

    Overview

    CVE-2025-1061 is a critical authentication bypass vulnerability in the Nextend Social Login Pro plugin for WordPress. Versions up to and including 3.1.16 are affected. The flaw allows unauthenticated attackers to log in as any existing user, including administrators, by exploiting weaknesses in the Apple OAuth authentication process.

    Technical Details

    The vulnerability stems from insufficient verification of the user data provided during the Apple OAuth authentication request. Specifically, the plugin fails to securely validate the identity of the user returned by Apple, enabling attackers who know or can guess an existing user’s email address to log in without needing their password or valid credentials.

    This issue is classified under CWE-288: Authentication Bypass Using an Alternate Path or Channel. By bypassing the standard login mechanisms, an attacker can impersonate site administrators or other privileged users, gaining full access to the WordPress dashboard and potentially compromising the entire website.
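
    The check the advisory describes as missing, as an added example in Python (not the plugin's PHP code, and not from the Wordfence or Nextend advisories): a relying party validates the Apple identity token's signature, issuer, audience, expiry and nonce, then takes the account identity from the verified token rather than from the `user` data posted back by the browser. `verify_signature` is a hypothetical callable the caller supplies from a JWKS library, and the sample token is constructed locally with a dummy signature.

```python
import base64
import json
import time

APPLE_ISSUER = "https://appleid.apple.com"  # issuer Apple sets in its identity tokens

def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed sample only: an Apple-shaped token with a dummy signature."""
    head = _b64url_encode(json.dumps({"alg": "RS256", "kid": "demo"}).encode())
    return f"{head}.{_b64url_encode(json.dumps(claims).encode())}.{_b64url_encode(b'sig')}"

def verify_apple_identity(id_token, client_id, expected_nonce, verify_signature, now=None):
    """Return the token's claims only after signature, iss, aud, exp and nonce all check out.
    `verify_signature(signing_input, sig, kid)` is a hypothetical caller-supplied callable
    that validates RS256 against Apple's JWKS; every other check is done here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed identity token")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    if not verify_signature(f"{parts[0]}.{parts[1]}".encode(), _b64url_decode(parts[2]), header.get("kid")):
        raise ValueError("signature check failed")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:  # a token minted for another app must not log anyone in here
        raise ValueError("wrong audience")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims

def resolve_login_identity(claims: dict, posted_user) -> dict:
    """Account lookup uses Apple's stable `sub` and the token's verified email;
    the `user` JSON the browser posts back is untrusted and only flagged on mismatch."""
    token_email = claims.get("email")
    verified = claims.get("email_verified") in (True, "true")
    posted_email = (posted_user or {}).get("email")
    return {"sub": claims["sub"], "email": token_email if verified else None,
            "posted_email_mismatch": posted_email is not None and posted_email != token_email}
```

    A login handler that matches local accounts on `sub` (falling back to the verified token email) cannot be steered by an email the client chooses to post.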

    CVSS Score

    The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical), indicating the highest level of severity:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
    • Impact: High (Confidentiality, Integrity, Availability)

    Impacted Versions

    All versions of Nextend Social Login Pro up to and including 3.1.16 are affected. Site owners using this plugin should check their version immediately.

    Mitigation

    • Update to the latest version of the plugin that contains a patch for this issue.
    • Audit user access and check for signs of unauthorized logins, especially for administrator accounts.
    • Reconfigure or disable Apple OAuth login until you are certain the patch is in place and effective.

    Conclusion

    OAuth integrations simplify user login but must be handled with strict validation and security checks. This incident underscores the importance of never trusting identity assertions without verification. Plugin developers and site administrators alike should take extra precautions with third-party login providers.

    For more details, consult the official advisory on Wordfence or view the plugin documentation on Nextend.