Lucene search
K

7 matches found

Patchstack
Patchstack
added 2026/03/31 11:2 a.m.5 views

WordPress Auto Post Scheduler plugin <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via apsoptionspage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Auto Post Scheduler versions = 1.84...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/31 6:31 a.m.2 views

EUVD-2026-17321

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 6:16 a.m.5 views

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 5:28 a.m.2 views

CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 5:28 a.m.29 views

CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS0.00198EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 5:28 a.m.22 views

CVE-2026-1877

Auto Post Scheduler for WordPress (up to version 1.84) is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the aps_options_page function, allowing unauthenticated attackers to update settings and inject malicious scripts via forged requests if a site admin is tricked in...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.13 views

PT-2026-29196

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps options page' function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References4
Rows per page
Query Builder