cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36831,https://securityvulnerability.io/vulnerability/CVE-2020-36831,Low-Privileged Attackers Can Bypass Authorization in Social Networks Auto-Poster Plugin,"The NextScripts Social Networks Auto-Poster plugin for WordPress has a vulnerability that allows low-privileged users, such as subscribers, to bypass authorization controls. Due to missing capability checks in various user privilege functions, these users can execute actions that should be restricted to administrative users. This vulnerability affects multiple security functions in the plugin, potentially compromising the integrity and security of WordPress sites utilizing this plugin version 4.3.17 or earlier. Website administrators are advised to update to the latest version to mitigate the risk.",Wordpress,Nextscripts: Social Networks Auto-poster,5,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-16T06:43:28.112Z,0
CVE-2024-1762,https://securityvulnerability.io/vulnerability/CVE-2024-1762,Stored Cross-Site Scripting Vulnerability in NextScripts Social Networks Auto-Poster Plugin for WordPress,"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view ""All Cron Events"" in order for the injection to fire.",Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T06:50:34.682Z,0
CVE-2024-2088,https://securityvulnerability.io/vulnerability/CVE-2024-2088,Sensitive Information Exposure Vulnerability Affects NextScripts Social Networks Auto-Poster Plugin for WordPress,"The NextScripts Social Networks Auto-Poster plugin for WordPress has a vulnerability that enables authenticated attackers, with subscriber privileges and higher, to exploit the 'nxs_getExpSettings' function. This flaw permits unauthorized access to sensitive data, including social network API keys and secrets, potentially compromising user accounts and associated social media integrations. Users are advised to update their plugins to the latest version to mitigate potential security risks.",Wordpress,Nextscripts: Social Networks Auto-poster,8.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T06:50:34.168Z,0
CVE-2024-1446,https://securityvulnerability.io/vulnerability/CVE-2024-1446,Cross-Site Request Forgery Vulnerability in Social Networks Auto-Poster plugin for WordPress,"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Nextscripts: Social Networks Auto-poster,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-22T06:50:33.049Z,0
CVE-2021-25072,https://securityvulnerability.io/vulnerability/CVE-2021-25072,NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF,"The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack",Wordpress,Nextscripts: Social Networks Auto-poster,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-02-01T12:21:35.000Z,0
CVE-2021-24975,https://securityvulnerability.io/vulnerability/CVE-2021-24975,NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS,"The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue",Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2022-02-01T12:21:33.000Z,0
CVE-2021-38356,https://securityvulnerability.io/vulnerability/CVE-2021-38356,NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting,The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].,Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2021-11-01T21:15:00.000Z,0