128 matches found
WordPress Plugin NextScripts: Social Networks Auto-Poster Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin NextScripts: Social Networks Auto-Poste...
PT-2023-31101 · Nextscripts · Nextscripts: Social Networks Auto-Poster
Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster versions n/a through 4.4.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
NextScripts < 4.4.3 - Reflected Cross-Site Scripting via code
Description: The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts · Type: Plugin · Vulnerable versions: <= 4.4.2 · Fixed in: 4.4.3 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-49183 · Patch priority: Medium · CVSS severity: Medium (7.1) · PSID: 43a77de242d5 · Credits: Le Ngoc Anh · Required privilege...
NextScripts: Social Networks Auto-Poster < 4.3.26 - Reflected Cross-Site Scripting
The plugin does not escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=nxssnap&a"alert/XSS/...
WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.25 - Reflected Cross-Site Scripting (XSS) vulnerability
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered by WPScanTeam in WordPress NextScripts: Social Networks Auto-Poster plugin versions <= 4.3.25. Solution: Update the WordPress NextScripts plugin to the latest available version (at least 4.3.26)...
NextScripts: Social Networks Auto-Poster < 4.3.26 - Reflected Cross-Site Scripting
The plugin does not escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/admin.php?page=nxssnap"...
WordPress NextScripts:Social Networks Auto-Poster plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress NextScripts:Social Networks Auto-Poster plugin is vulnerable to cross-site request forgery in versions prior to 4.3.25. The vulnerability stems from the fact that there is no CSRF check...
WordPress NextScripts:Social Networks Auto-Poster plugin cross-site scripting vulnerability
NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative The vulnerability stems from the...
CVE-2021-25072
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack...
CVE-2021-24975
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue...
Cross site request forgery (csrf)
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack...
Cross site scripting
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue...
CVE-2021-25072 NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack...
CVE-2021-25072
CVE-2021-25072 affects the WordPress plugin NextScripts: Social Networks Auto-Poster (versions before 4.3.25). The issue is a missing CSRF check when deleting items, allowing an attacker to induce a logged-in admin to delete arbitrary posts via a CSRF attack. Public references describe the vulner...
CVE-2021-24975
CVE-2021-24975 affects the NextScripts: Social Networks Auto-Poster WordPress plugin prior to version 4.3.24. The issue is an unauthenticated stored XSS caused by not sanitising/escaping logged requests before output in the related admin dashboard. Impact is described as stored XSS with low to me...
CVE-2021-24975 NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue...
WordPress plugin cross-site scripting vulnerability
NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative The vulnerability stems from the...