Vulnerabilities > CVE-2024-2088 - Unspecified vulnerability in Nextscripts Social Networks Auto Poster
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/browser/social-networks-auto-poster-facebook-twitter-g/trunk/inc/nxs_functions_wp.php#L620
- https://plugins.trac.wordpress.org/browser/social-networks-auto-poster-facebook-twitter-g/trunk/inc/nxs_functions_wp.php#L620
- https://plugins.trac.wordpress.org/changeset/3084635/social-networks-auto-poster-facebook-twitter-g/trunk/inc/nxs_functions_wp.php?contextall=1
- https://plugins.trac.wordpress.org/changeset/3084635/social-networks-auto-poster-facebook-twitter-g/trunk/inc/nxs_functions_wp.php?contextall=1
- https://www.wordfence.com/threat-intel/vulnerabilities/id/70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=cve