RSS   Vulnerabilities for 'Social networks auto poster'   RSS

2022-02-01
 
CVE-2021-24975

CWE-79
 

 
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue

 
 
CVE-2021-25072

CWE-352
 

 
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack

 
2021-11-01
 
CVE-2021-38356

CWE-79
 

 
The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].

 


Copyright 2024, cxsecurity.com

 

Back to Top