CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

WordPress Auto Post Scheduler plugin <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via apsoptionspage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Auto Post Scheduler versions = 1.84...

CVE-2026-1877

Auto Post Scheduler for WordPress (up to version 1.84) is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the aps_options_page function, allowing unauthenticated attackers to update settings and inject malicious scripts via forged requests if a site admin is tricked in...

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

WordPress plugin Auto Post Scheduler 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-29196

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps options page' function. This makes it possible for unauthenticated attackers to update settings and inject...