WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Nextend Facebook Connect safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Nextend Facebook Connect WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: nextend-facebook-connect
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): <8.0

Known vulnerabilities

  • Nextend Social Login and Register [nextend-facebook-connect] < 1.5.6 [CVE-2015-4413, Nextend Social Login and Register <= 1.5.5 - Reflected Cross-Site Scripting, Nextend Facebook Connect &lt;= 1.5.4 - Reflected Cross-Site Scripting (XSS)]
  • Nextend Social Login and Register [nextend-facebook-connect] < 1.5.1 [CVE-2014-8800, WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS, Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting, Nextend Facebook Connect &lt;= 1.4.59 - Cross-Site Scripting (XSS)]
  • Nextend Social Login and Register [nextend-facebook-connect] < 1.5.9 [Nextend Facebook Connect <= 1.5.8 - Cross-Site Request Forgery]
  • Nextend Social Login and Register [nextend-facebook-connect] < 1.5.8 [Nextend Facebook Connect &lt;= 1.5.7 - Cross-Site Request Forgery (CSRF)]
  • Nextend Social Login and Register [nextend-facebook-connect] < 3.1.13 [CVE-2024-1775, Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description, WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS), Nextend Social Login and Register &lt; 3.1.13 - Reflected Self-Based Cross-Site Scripting via error_description]
+ 2 more known vulnerabilities
  • Nextend Social Login and Register [nextend-facebook-connect] < 3.1.20 [CVE-2025-58031, WordPress Nextend Facebook Connect Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS), Nextend Facebook Connect <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-30598]
  • Nextend Social Login and Register [nextend-facebook-connect] < 3.1.22 [CVE-2025-13737, Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.