CVE-2025-1061
Published: 07 February 2025
Summary
CVE-2025-1061 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Nextendweb (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of information inputs, directly mitigating the insufficient verification of the user supplied during the Apple OAuth request.
Establishes processes for validating credentials from identity providers like Apple, preventing authentication bypass in OAuth flows.
Mandates timely remediation of flaws in plugins like Nextend Social Login Pro, eliminating the authentication bypass vulnerability via patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote auth bypass in public-facing WordPress plugin enables T1190 exploitation; resulting unauthorized access to existing accounts maps to T1078.
NVD Description
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin.…
more
This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Deeper analysisAI
CVE-2025-1061 is an authentication bypass vulnerability affecting the Nextend Social Login Pro plugin for WordPress in versions up to and including 3.1.16. The issue stems from insufficient verification of the user supplied during the Apple OAuth authentication request processed by the plugin, as identified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no privileges required. By supplying a manipulated user during the Apple OAuth flow, attackers who have access to an existing user's email—such as an administrator—can log in as that user, potentially gaining full control over the WordPress site.
Mitigation details are available in vendor advisories, including the Nextend Social Login Pro addon changelog at https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/ and Apple provider documentation at https://nextendweb.com/nextend-social-login-docs/provider-apple/. Additional analysis is provided by Wordfence at https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve. Security practitioners should update to a patched version beyond 3.1.16 and review Apple OAuth configurations.
Details
- CWE(s)