Summary
Detail | |||
---|---|---|---|
Vendor | Nextscripts | First view | 2019-03-21 |
Product | Social Networks Auto Poster | Last view | 2023-12-15 |
Version | * | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | wordpress | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:nextscripts:social_networks_auto_poster |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.1 | 2023-12-15 | CVE-2023-49183 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. |
6.5 | 2022-02-01 | CVE-2021-25072 | The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack |
6.1 | 2022-02-01 | CVE-2021-24975 | The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue |
6.1 | 2021-11-01 | CVE-2021-38356 | The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page']. |
6.1 | 2019-03-21 | CVE-2019-9911 | The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
80% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
20% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |