Bugsec Group security researcher Liran Segal discovered a security flaw in the WordPress Nextend Social plugins during one of our recent penetration tests.
The vulnerability (CVE-2015-4413) exists in:
- “Nextend Facebook Connect 1.5.4”
- “Nextend Twitter Connect 1.5.1”
- “Nextend Google Connect 1.5.1”
To fix this flaw, the affected output needs to be wrapped in PHP's htmlentities() function (http://php.net/htmlentities), as shown in the image:
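The following is an added example and not Nextend's code: it contrasts the pattern the fix addresses (an untrusted request value written straight into markup) with the same output wrapped in htmlentities(). The advisory does not name the injection point, so the parameter name `redirect`, the function names and the sample input are assumptions.

```php
<?php
// Added example (not from the Nextend plugins). The request parameter
// "redirect", the function names and the sample value are assumptions.
declare(strict_types=1);

// Vulnerable pattern: an untrusted value is placed directly into an
// HTML attribute, so a value containing quotes or angle brackets can
// close the attribute and add its own markup.
function render_hidden_field_unsafe(string $untrusted): string
{
    return '<input type="hidden" name="redirect" value="' . $untrusted . '">';
}

// Hardened pattern: encode with htmlentities() before the value reaches
// the page. ENT_QUOTES encodes both single and double quotes (PHP versions
// before 8.1 leave single quotes alone by default), and the explicit
// charset avoids mismatches between input and output encoding.
function render_hidden_field_safe(string $untrusted): string
{
    $encoded = htmlentities($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="redirect" value="' . $encoded . '">';
}

// Returns true when the rendered markup still contains exactly one
// element, i.e. the untrusted value could not open a new tag.
function output_is_contained(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed sample input: closes the value attribute and opens a tag.
$sample = '"><b>injected</b>';

$unsafe = render_hidden_field_unsafe($sample);
$safe   = render_hidden_field_safe($sample);

echo 'Unsafe: ' . $unsafe . PHP_EOL;
echo 'Contained: ' . var_export(output_is_contained($unsafe), true) . PHP_EOL;
echo 'Safe:   ' . $safe . PHP_EOL;
echo 'Contained: ' . var_export(output_is_contained($safe), true) . PHP_EOL;

// In a plugin the value would come from the request, for example:
// $value = isset($_GET['redirect']) ? (string) $_GET['redirect'] : '';
// echo render_hidden_field_safe($value);
```

In the unsafe variant the sample value terminates the `value` attribute and a second element appears in the output; in the safe variant htmlentities() turns `"` into `&quot;` and `<` / `>` into `&lt;` / `&gt;`, so the browser treats the whole value as attribute text. Inside WordPress plugin code, the core helpers esc_attr() and esc_html() perform the same encoding for the attribute and element-body contexts respectively.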
We disclosed the full details of the flaw to Nextend Social Plugins on 07.06.2015.
The writer is a senior penetration tester at Bugsec Security.
Bugsec Security Group is a leading offensive security company located in Israel, focusing on penetration testing, cyber simulations and more. We have experience testing dozens of security tools and applications. Our team consists of more than 40 experienced hackers working with many major enterprises.