This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nextscripts First view 2019-03-21
Product Social Networks Auto Poster Last view 2023-12-15
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software wordpress  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:nextscripts:social_networks_auto_poster

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2023-12-15 CVE-2023-49183

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.
6.5 2022-02-01 CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack
6.1 2022-02-01 CVE-2021-24975

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue
6.1 2021-11-01 CVE-2021-38356

The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].
6.1 2019-03-21 CVE-2019-9911

The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.

CWE : Common Weakness Enumeration

%idName
80% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-352 Cross-Site Request Forgery (CSRF)