Cyber Resilience

CVE-2025-1061

Critical

Published: 07 February 2025

Published
07 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1061 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Nextendweb (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1061 is an authentication bypass vulnerability affecting the Nextend Social Login Pro plugin for WordPress in versions up to and including 3.1.16. The issue stems from insufficient verification of the user supplied during the Apple OAuth authentication request processed by the plugin, as identified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no privileges required. By supplying a manipulated user during the Apple OAuth flow, attackers who have access to an existing user's email—such as an administrator—can log in as that user, potentially gaining full control over the WordPress site.

Mitigation details are available in vendor advisories, including the Nextend Social Login Pro addon changelog at https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog/ and Apple provider documentation at https://nextendweb.com/nextend-social-login-docs/provider-apple/. Additional analysis is provided by Wordfence at https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve. Security practitioners should update to a patched version beyond 3.1.16 and review Apple OAuth configurations.

EU & UK References

Vulnerability details

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin.…

more

This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Direct remote auth bypass in public-facing WordPress plugin enables T1190 exploitation; resulting unauthorized access to existing accounts maps to T1078.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25357Shared CWE-288
CVE-2025-6895Shared CWE-288
CVE-2025-23504Shared CWE-288
CVE-2026-29139Shared CWE-288
CVE-2025-1564Shared CWE-288
CVE-2025-8359Shared CWE-288
CVE-2026-27389Shared CWE-288
CVE-2025-7710Shared CWE-288
CVE-2026-27049Shared CWE-288
CVE-2024-13182Shared CWE-288

Affected Assets

Nextendweb
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of information inputs, directly mitigating the insufficient verification of the user supplied during the Apple OAuth request.

prevent

Establishes processes for validating credentials from identity providers like Apple, preventing authentication bypass in OAuth flows.

prevent

Mandates timely remediation of flaws in plugins like Nextend Social Login Pro, eliminating the authentication bypass vulnerability via patching.

References