128 matches found
VulnCheck KEV: CVE-2020-36831
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like...
PT-2024-10841 · WordPress · Nextscripts: Social Networks Auto-Poster
Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster plugin for WordPress versions prior to 4.3.17 Description: The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on...
CVE-2024-37275
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NextScripts allows Reflected XSS. This issue affects NextScripts: from n/a through 4.4.6...
CVE-2024-37275
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows DOM-Based XSS. This issue affects NextScripts: from n/a through <= 4.4.7...
CVE-2024-37275
CVE-2024-37275 is a WordPress NextScripts plugin
CVE-2024-37275 WordPress NextScripts plugin <= 4.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows DOM-Based XSS. This issue affects NextScripts: from n/a through <= 4.4.7...
CVE-2024-37275 WordPress NextScripts plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NextScripts allows Reflected XSS. This issue affects NextScripts: from n/a through 4.4.6...
PT-2024-27438 · Unknown · Nextscripts
Name of the Vulnerable Software and Affected Versions: NextScripts versions through 4.4.6. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions through...
WordPress NextScripts plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin NextScripts (versions <= 4.4.6)...
WordPress NextScripts Plugin <= 4.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37275; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 14f7bee61316; Credits: Rafie Muhammad (Patchstack); Required...
CVE-2024-1762
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2024-2088
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...
CVE-2024-1446
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...
CVE-2024-2088
CVE-2024-2088 affects NextScripts: Social Networks Auto-Poster for WordPress (all versions up to and including 4.4.3). The vulnerability is a Sensitive Information Exposure via the nxs_getExpSettings function that allows authenticated users with subscriber access and higher to disclose social net...
CVE-2024-1762
CVE-2024-1762 affects NextScripts: Social Networks Auto-Poster for WordPress. The vulnerability is Stored XSS in HTTP_USER_AGENT present in all versions up to 4.4.3 due to insufficient sanitization/escaping. Exploitation requires the victim to view the page with the cron events list (“All Cron Ev...
CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated (Subscriber+) Sensitive Information Exposure
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...
CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...