CVE-2023-49183 WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...

WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software NextScripts Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49183 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 43a77de242d5 Credits Le Ngoc Anh Required privilege...

CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack...

CVE-2021-24975

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue...

CVE-2021-38356

The NextScripts: Social Networks Auto-Poster = 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $REQUEST'page' parameter which is echoed out on inc/nxsclasssnap.php by supplying the appropriate value 'nxssnap-post' to load the page in $GET'page' along with malicious...

CVE-2021-38356 NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting

The NextScripts: Social Networks Auto-Poster = 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $REQUEST'page' parameter which is echoed out on inc/nxsclasssnap.php by supplying the appropriate value 'nxssnap-post' to load the page in $GET'page' along with malicious...