CVE-2024-6752

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpname’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it...

WordPress Social Auto Poster plugin <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions vulnerability

Cross-Site Request Forgery via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin Social Auto Poster versions = 5.3.14...

WordPress Social Auto Poster plugin <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by István Márton in WordPress Plugin Social Auto Poster versions = 5.3.14...

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6753 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID df6582eddf1d Credits István Márton...

PT-2024-37850 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue arises from a missing capability check on the wpw auto poster update tweet template function, allowing authenticated attackers with...

WordPress plugin Social Auto Poster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin Social Auto Poster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-37851 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to a missing capability check on the wpw auto poster quick delete multiple function, allowing unauthenticated attackers to delete...

Symfony 5.3.14, 5.4.3, 6.0.3 CSRF Vulnerability (GHSA-vvmr-8829-6whx)

Symfony is prone to a missing cross-site request forgery CSRF token vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...