Vulnerabilities > Nextscripts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2020-36831 | Missing Authorization vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. | 6.5 |
| 2024-07-22 | CVE-2024-37275 | Unspecified vulnerability in Nextscripts Social Networks Auto Poster Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NextScripts allows Reflected XSS.This issue affects NextScripts: from n/a through 4.4.6. | 6.1 |
| 2024-05-22 | CVE-2024-1446 | Cross-Site Request Forgery (CSRF) vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. | 4.3 |
| 2024-05-22 | CVE-2024-1762 | Cross-site Scripting vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-05-22 | CVE-2024-2088 | Unspecified vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. | 6.5 |
| 2023-12-15 | CVE-2023-49183 | Unspecified vulnerability in Nextscripts Social Networks Auto Poster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. | 6.1 |
| 2022-02-01 | CVE-2021-24975 | Unspecified vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue | 6.1 |
| 2022-02-01 | CVE-2021-25072 | Unspecified vulnerability in Nextscripts Social Networks Auto Poster The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack | 6.5 |
| 2019-03-22 | CVE-2019-9911 | Cross-site Scripting vulnerability in Nextscripts Social Networks Auto Poster The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | 6.1 |