Nextendweb — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Nextendweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nextendweb develops WordPress and Joomla extensions for building websites and online stores. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely reported, the 10 CVEs on record indicate consistent security challenges, particularly in their form builder and social login components. Their extensions' broad functionality and integration with multiple platforms create complex attack surfaces that require careful configuration and regular updates to mitigate risks.

Top products by Nextendweb: Smart Slider 3 Nextend Social Login and Register Nextend Social Login Pro Nextend Facebook Connect Smart Slider 3 Pro for WordPress

CVEs 10

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34424	Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit — Smart Slider 3 Pro for WordPressCWE-506	9.8	Critical	2026-04-09
CVE-2026-4065	Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation — Smart Slider 3CWE-862	5.4	Medium	2026-04-07
CVE-2026-3098	Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll — Smart Slider 3CWE-862	6.5	Medium	2026-03-27
CVE-2025-13737	Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login — Nextend Social Login and RegisterCWE-352	4.3	Medium	2025-11-28
CVE-2025-58031	WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability — Nextend Facebook ConnectCWE-79	6.5	Medium	2025-09-22
CVE-2025-6348	Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter — Smart Slider 3CWE-89	4.9	Medium	2025-07-30
CVE-2025-1061	Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider — Nextend Social Login ProCWE-288	9.8	Critical	2025-02-07
CVE-2024-9893	Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider — Nextend Social Login ProCWE-288	9.8	Critical	2024-10-16
CVE-2024-3027	Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload — Smart Slider 3CWE-285	6.4	Medium	2024-04-13
CVE-2024-1775	Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description — Nextend Social Login and RegisterCWE-79	5.4	Medium	2024-03-02

This page lists every published CVE security advisory associated with Nextendweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Nextendweb — Vulnerabilities & Security Advisories 10