A critical vulnerability has been identified in the Nextend Social Login Pro plugin for WordPress, affecting versions up to and including 3.1.16. The vulnerability (CVE-2025-1061) allows an unauthenticated attacker to log in as any existing user, including administrators, if they have access to the email linked to those accounts. The flaw lies in insufficient verification during the Apple OAuth authentication request within the plugin. This vulnerability poses serious risks to the security and integrity of websites running this plugin.

Details of the Vulnerability

When using the Nextend Social Login Pro plugin to enable social login for users, the Apple OAuth authentication process does not properly verify the user supplied in the authentication request. As a result, an attacker with knowledge of the user's email address can potentially gain access to the user's account.

During the authentication process, the plugin receives an email address in the API response from the Apple OAuth provider. The plugin then uses this email to log in the user, without ensuring that the email is correctly bound to the identity that was actually authenticated. This allows attackers to bypass authentication and access sensitive user data and administrative functions.

Exploiting the Vulnerability

To exploit this vulnerability, an attacker needs access to the email address associated with a user account, including administrators. By knowing the user's email address and performing a successful Apple OAuth authentication request, the attacker can gain access to the affected account.

The following code snippet demonstrates the flawed authentication process:

public function connectWithAppleOAuth() {
  // The email returned by the Apple OAuth provider is taken at face value.
  $email = $this->appleDataProvider->getEmail();
  // Account selection is keyed on that email alone.
  $user = get_user_by('email', $email);

  if ($user) {
    // A session is issued for whichever account matched the email;
    // nothing ties that account to the authenticated Apple identity.
    wp_set_auth_cookie($user->ID);
  } else {
    // Create new user
  }
}

In this code snippet, the $user variable is populated with a user object whenever an account with that email exists in the database, but there is no further verification that the returned user object actually corresponds to the identity proven by the authentication request.
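The following is an added example, not code from the Nextend Social Login Pro plugin, showing a hardened form of the method above that addresses the two points made in this section: the token is validated against the login request that was started (issuer, audience, expiry, nonce), and the account is selected by Apple's stable subject identifier rather than by email alone. The class name, the `getVerifiedClaims()` and `registerNewUser()` methods, the `$clientId` property, the `nsl_example_apple_sub` meta key and the `$_SESSION` nonce storage are all assumptions made for this example; `get_users`, `get_user_by`, `get_user_meta`, `update_user_meta`, `wp_set_auth_cookie` and `wp_die` are real WordPress core functions.

```php
<?php
// Added example (not the plugin's code). Assumptions, all hypothetical:
//   - $this->appleDataProvider->getVerifiedClaims() returns the decoded
//     claims of the Apple id_token ONLY after its RS256 signature has been
//     checked against Apple's published JWKS; it returns null on failure.
//   - $this->clientId is the Apple Services ID registered for this site.
//   - The nonce sent in the authorization request was stored in
//     $_SESSION['nsl_apple_nonce'] when the login flow started (a real
//     plugin would use its own state store instead of PHP sessions).
class AppleOAuthLoginExample {
    const APPLE_ISSUER       = 'https://appleid.apple.com';
    const APPLE_SUB_META_KEY = 'nsl_example_apple_sub';   // constructed key

    private $appleDataProvider;   // assumed: verifies the token signature
    private $clientId;            // assumed: this site's Apple client id

    public function connectWithAppleOAuth() {
        $claims = $this->appleDataProvider->getVerifiedClaims();
        if ($claims === null) {
            wp_die('Apple sign-in failed: invalid token signature.');
        }

        // 1. The token must be issued by Apple, for this site, still valid,
        //    and must answer the request this browser session started.
        $expectedNonce = isset($_SESSION['nsl_apple_nonce'])
            ? (string) $_SESSION['nsl_apple_nonce'] : '';
        unset($_SESSION['nsl_apple_nonce']);              // single use
        if (($claims['iss'] ?? '') !== self::APPLE_ISSUER
            || ($claims['aud'] ?? '') !== $this->clientId
            || (int) ($claims['exp'] ?? 0) <= time()
            || $expectedNonce === ''
            || !hash_equals($expectedNonce, (string) ($claims['nonce'] ?? ''))) {
            wp_die('Apple sign-in failed: token does not match this login request.');
        }

        // 2. Select the account by Apple's stable subject identifier, never
        //    by the email alone. The binding is created once and reused.
        $sub = (string) ($claims['sub'] ?? '');
        if ($sub === '') {
            wp_die('Apple sign-in failed: token has no subject.');
        }
        $bound = get_users(array(
            'meta_key'   => self::APPLE_SUB_META_KEY,
            'meta_value' => $sub,
            'number'     => 1,
            'fields'     => 'all',
        ));
        if (!empty($bound)) {
            wp_set_auth_cookie($bound[0]->ID);
            return;
        }

        // 3. First sign-in from this Apple ID: link to an existing account
        //    only if Apple asserts the address is verified, and only if that
        //    account is not already bound to a different Apple subject.
        $email    = (string) ($claims['email'] ?? '');
        $verified = ($claims['email_verified'] ?? false) === true
                 || ($claims['email_verified'] ?? '') === 'true';
        $user = ($email !== '' && $verified) ? get_user_by('email', $email) : false;
        if ($user && get_user_meta($user->ID, self::APPLE_SUB_META_KEY, true) === '') {
            update_user_meta($user->ID, self::APPLE_SUB_META_KEY, $sub);
            wp_set_auth_cookie($user->ID);
            return;
        }

        // Otherwise create a new account, as the original did, instead of
        // issuing a session for an account this token has not proven.
        $this->registerNewUser($claims);   // hypothetical helper
    }
}
```

The design point is the order of the lookups: once an account has been bound to an Apple `sub`, a token carrying a different `sub` can never reach that account no matter what email it presents, and the email-based path only runs for accounts that have never been linked and only when Apple itself marks the address as verified.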

Mitigations and Solutions

To mitigate this vulnerability, it is strongly advised to update to the latest version of the Nextend Social Login Pro plugin, which contains a fix for the authentication bypass. The official plugin repository can be found here: Nextend Social Login Pro

Additionally, website administrators should monitor their user activity logs and enable two-factor authentication (2FA) for all accounts, especially those with administrator access.

Conclusion

The CVE-2025-1061 vulnerability in the Nextend Social Login Pro plugin for WordPress poses a critical threat to websites running affected versions. It highlights the importance of proper user authentication and verification in plugins designed to handle user accounts. To protect against this vulnerability, website administrators should ensure they are using the latest version of the plugin, monitor user activity, and implement additional security measures like two-factor authentication.

Timeline

Published on: 02/07/2025 02:15:29 UTC