Lucene search

128 matches found

Cvelist
added 2024/05/22 6:50 a.m. · 21 views

CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxsgetExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

CVSS 8.5 · AI score 8.2 · EPSS 0.00434
Exploits: 0 · References: 3

Cvelist
added 2024/05/22 6:50 a.m. · 15 views

CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1 · AI score 6.1 · EPSS 0.01435
Exploits: 0 · References: 5

Vulnrichment
added 2024/05/22 6:50 a.m. · 20 views

CVE-2024-1446 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

CVSS 5.4 · AI score 5.3 · EPSS 0.00121
Exploits: 0 · References: 2

Cvelist
added 2024/05/22 6:50 a.m. · 17 views

CVE-2024-1446 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00121
Exploits: 0 · References: 2

Patchstack
added 2024/05/22 1:15 a.m. · 2 views

WordPress NextScripts plugin <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure vulnerability

Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by Colin Xu in WordPress Plugin NextScripts versions <= 4.4.3...

CVSS 8.5 · AI score 7 · EPSS 0.00434
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/05/22 1:14 a.m. · 4 views

WordPress NextScripts plugin <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin NextScripts versions <= 4.4.3...

CVSS 5.4 · AI score 7 · EPSS 0.00121
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/05/22 1:12 a.m. · 3 views

WordPress NextScripts plugin <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent vulnerability

Unauthenticated Stored Cross-Site Scripting via User Agent vulnerability discovered by Piotr Kuśpit in WordPress Plugin NextScripts versions <= 4.4.3...

CVSS 6.1 · AI score 5.8 · EPSS 0.01435
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/05/22 12:00 a.m. · 7 views

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Sensitive Data Exposure

Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-2088; Patch priority: High; CVSS severity: High (8.5); PSID: 3f1f558bcdc3; Credits: Colin Xu; Required privilege...

CVSS 8.5 · AI score 6.5 · EPSS 0.00434
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/05/22 12:00 a.m. · 1 view

WordPress plugin NextScripts Social Networks Auto-Poster cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site...

CVSS 5.4 · AI score 6.3 · EPSS 0.00121
Exploits: 0 · References: 3

Positive Technologies
added 2024/05/22 12:00 a.m. · 2 views

PT-2024-18791 · WordPress · Nextscripts: Social Networks Auto-Poster

Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster plugin for WordPress versions up to, and including, 4.4.3
Description: The issue allows authenticated attackers with subscriber access and above to extract sensitive data, including social network API...

CVSS 8.5 · AI score 6.3 · EPSS 0.00434
Exploits: 0 · References: 7

Patchstack
added 2024/05/22 12:00 a.m. · 14 views

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1762; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2c09536c816a; Credits: Piotr Kuśpit; Required...

CVSS 6.1 · AI score 5.6 · EPSS 0.01435
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/05/22 12:00 a.m. · 0 views

WordPress plugin NextScripts Social Networks Auto-Poster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

CVSS 8.5 · AI score 5.8 · EPSS 0.00434
Exploits: 0 · References: 4

Patchstack
added 2024/05/22 12:00 a.m. · 27 views

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1446; Patch priority: Low; CVSS severity: Low (5.4); PSID: 891652032504; Credits: Krzysztof Zając; Required...

CVSS 5.4 · AI score 6.6 · EPSS 0.00121
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/05/22 12:00 a.m. · 3 views

PT-2024-18284 · WordPress · Nextscripts: Social Networks Auto-Poster

Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster plugin for WordPress versions up to, and including, 4.4.3
Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

CVSS 6.1 · AI score 7.4 · EPSS 0.01435
Exploits: 0 · References: 8

WPVulnDB
added 2024/05/22 12:00 a.m. · 19 views

NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure

Description: The plugin is vulnerable to Sensitive Information Exposure via the 'nxsgetExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets...

CVSS 8.5 · AI score 6.5 · EPSS 0.00434
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/12/15 3:15 p.m. · 20 views

CVE-2023-49183

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...

CVSS 7.1 · EPSS 0.00193
Exploits: 0 · References: 1

OSV
added 2023/12/15 3:15 p.m. · 1 view

CVE-2023-49183

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...

CVSS 6.1 · AI score 7.3
Exploits: 0 · References: 1

Prion
added 2023/12/15 3:15 p.m. · 10 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...

CVSS 5.8 · AI score 7.1 · EPSS 0.00193
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/12/15 2:54 p.m. · 36 views

CVE-2023-49183

CVE-2023-49183 is a reflected XSS in NextScripts: Social Networks Auto-Poster for WordPress, affecting versions up to 4.4.2. Root cause: improper input handling for the 'code' parameter leading to unescaped output. Impact stated in sources: Reflected XSS; exploitation could occur via crafted inpu...

CVSS 7.1 · AI score 7.1 · EPSS 0.00193
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/12/15 2:54 p.m. · 17 views

CVE-2023-49183 WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2...

CVSS 7.1 · AI score 7.2 · EPSS 0.00193
Exploits: 0 · References: 1