cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12071,https://securityvulnerability.io/vulnerability/CVE-2024-12071,Unauthorized Data Loss Vulnerability in Evergreen Content Poster Plugin for WordPress,"The Evergreen Content Poster plugin for WordPress has a security flaw that allows unauthorized individuals to delete posts and pages without proper authentication. This vulnerability arises from a missing capability check within the delete_network_post() function. As a result, unauthenticated users can exploit this flaw to manipulate content, posing significant risks to the integrity of the website. It is essential for users of the plugin to apply updates and follow security best practices to safeguard their content.",Wordpress,Evergreen Content Poster – Auto Post And Schedule Your Best Content To Social Media,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-18T03:21:12.989Z,0
CVE-2020-36831,https://securityvulnerability.io/vulnerability/CVE-2020-36831,Low-Privileged Attackers Can Bypass Authorization in Social Networks Auto-Poster Plugin,"The NextScripts Social Networks Auto-Poster plugin for WordPress has a vulnerability that allows low-privileged users, such as subscribers, to bypass authorization controls. Due to missing capability checks in various user privilege functions, these users can execute actions that should be restricted to administrative users. This vulnerability affects multiple security functions in the plugin, potentially compromising the integrity and security of WordPress sites utilizing this plugin version 4.3.17 or earlier. Website administrators are advised to update to the latest version to mitigate the risk.",Wordpress,Nextscripts: Social Networks Auto-poster,5,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-16T06:43:28.112Z,0
CVE-2024-6755,https://securityvulnerability.io/vulnerability/CVE-2024-6755,Unauthorized Post Deletion Vulnerability Affects Social Auto Poster Plugin,"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.",Wordpress,Social Auto Poster,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6754,https://securityvulnerability.io/vulnerability/CVE-2024-6754,Unauthorized Modification of Data in Social Auto Poster Plugin,"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata.",Wordpress,Social Auto Poster,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6753,https://securityvulnerability.io/vulnerability/CVE-2024-6753,Stored Cross-Site Scripting Vulnerability in Social Auto Poster plugin,"The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Social Auto Poster,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6750,https://securityvulnerability.io/vulnerability/CVE-2024-6750,Unauthorized Access to Post Meta and Plugin Options in Social Auto Poster Plugin,"The Social Auto Poster plugin for WordPress suffers from a vulnerability that enables unauthorized access and manipulation of data due to insufficient capability checks present in multiple functions. This flaw affects all versions up to and including 5.3.14, allowing unauthenticated attackers the ability to add, modify or delete post meta data and plugin options, posing significant risks to the integrity and security of WordPress sites utilizing this plugin.",Wordpress,Social Auto Poster,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6756,https://securityvulnerability.io/vulnerability/CVE-2024-6756,WordPress Plugin Vulnerable to Arbitrary File Upload Exploit,"The Social Auto Poster plugin for WordPress is susceptible to an arbitrary file upload flaw due to inadequate file type validation in the 'wpw_auto_poster_get_image_path' function. This vulnerability affects all versions of the plugin up to and including 5.3.14. Authenticated attackers with Contributor role or higher can exploit this weakness to upload files to the server, potentially allowing the execution of arbitrary code. An additional vulnerability, CVE-2024-6754, may enable exploitation with subscriber-level access, further increasing the risk of a security breach.",Wordpress,Social Auto Poster,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6751,https://securityvulnerability.io/vulnerability/CVE-2024-6751,Cross-Site Request Forgery vulnerability in Social Auto Poster plugin for WordPress,"The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.",Wordpress,Social Auto Poster,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-6752,https://securityvulnerability.io/vulnerability/CVE-2024-6752,Stored Cross-Site Scripting Vulnerability Affects Social Auto Poster Plugin for WordPress,"The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Social Auto Poster,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-24T03:15:00.000Z,0
CVE-2024-1762,https://securityvulnerability.io/vulnerability/CVE-2024-1762,Stored Cross-Site Scripting Vulnerability in NextScripts Social Networks Auto-Poster Plugin for WordPress,"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view ""All Cron Events"" in order for the injection to fire.",Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T06:50:34.682Z,0
CVE-2024-2088,https://securityvulnerability.io/vulnerability/CVE-2024-2088,Sensitive Information Exposure Vulnerability Affects NextScripts Social Networks Auto-Poster Plugin for WordPress,"The NextScripts Social Networks Auto-Poster plugin for WordPress has a vulnerability that enables authenticated attackers, with subscriber privileges and higher, to exploit the 'nxs_getExpSettings' function. This flaw permits unauthorized access to sensitive data, including social network API keys and secrets, potentially compromising user accounts and associated social media integrations. Users are advised to update their plugins to the latest version to mitigate potential security risks.",Wordpress,Nextscripts: Social Networks Auto-poster,8.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T06:50:34.168Z,0
CVE-2024-1446,https://securityvulnerability.io/vulnerability/CVE-2024-1446,Cross-Site Request Forgery Vulnerability in Social Networks Auto-Poster plugin for WordPress,"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Nextscripts: Social Networks Auto-poster,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-22T06:50:33.049Z,0
CVE-2021-25072,https://securityvulnerability.io/vulnerability/CVE-2021-25072,NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF,"The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack",Wordpress,Nextscripts: Social Networks Auto-poster,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-02-01T12:21:35.000Z,0
CVE-2021-24975,https://securityvulnerability.io/vulnerability/CVE-2021-24975,NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS,"The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue",Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2022-02-01T12:21:33.000Z,0
CVE-2021-38356,https://securityvulnerability.io/vulnerability/CVE-2021-38356,NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting,The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].,Wordpress,Nextscripts: Social Networks Auto-poster,6.1,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2021-11-01T21:15:00.000Z,0
CVE-2019-9911,https://securityvulnerability.io/vulnerability/CVE-2019-9911,,The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.,Wordpress,Social Networks Auto Poster,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,false,false,2019-03-22T00:29:00.000Z,0