PLUGIN SECURITY
Is Nextend Facebook Connect safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Nextend Facebook Connect WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
nextend-facebook-connect - Requires PHP: 7.4+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Nextend Social Login and Register [nextend-facebook-connect] < 1.5.6 [CVE-2015-4413, Nextend Social Login and Register <= 1.5.5 - Reflected Cross-Site Scripting, Nextend Facebook Connect <= 1.5.4 - Reflected Cross-Site Scripting (XSS)]
- Nextend Social Login and Register [nextend-facebook-connect] < 1.5.1 [CVE-2014-8800, WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS, Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting, Nextend Facebook Connect <= 1.4.59 - Cross-Site Scripting (XSS)]
- Nextend Social Login and Register [nextend-facebook-connect] < 1.5.9 [Nextend Facebook Connect <= 1.5.8 - Cross-Site Request Forgery]
- Nextend Social Login and Register [nextend-facebook-connect] < 1.5.8 [Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)]
- Nextend Social Login and Register [nextend-facebook-connect] < 3.1.13 [CVE-2024-1775, Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description, WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS), Nextend Social Login and Register < 3.1.13 - Reflected Self-Based Cross-Site Scripting via error_description]
+ 2 more known vulnerabilities
- Nextend Social Login and Register [nextend-facebook-connect] < 3.1.20 [CVE-2025-58031, WordPress Nextend Facebook Connect Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS), Nextend Facebook Connect <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-30598]
- Nextend Social Login and Register [nextend-facebook-connect] < 3.1.22 [CVE-2025-13737, Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Site Kit by Google – Analytics, Search Console, AdSense, Speed — 5000000+ active installs
- Widgets for Google Reviews — 900000+ active installs — max PHP 8.4
- Google for WooCommerce — 800000+ active installs
- Meta for WooCommerce — 400000+ active installs — max PHP 8.4
- Meta pixel for WordPress — 400000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.