Cross-Site Scripting Vulnerability in NextScripts Social Networks Auto-Poster Plugin for WordPress
CVE-2019-9911

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Social Networks Auto Poster
Vendor
CVE Published:
22 March 2019

Summary

The NextScripts Social Networks Auto-Poster plugin for WordPress prior to version 4.2.8 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via crafted requests sent to the wp-admin/admin.php endpoint, particularly when editing the 'reposter' action. An attacker could utilize this flaw to inject malicious scripts into the user's session, potentially compromising sensitive data or executing unauthorized actions on behalf of the user.

References

https://lists.openwall.net/full-disclosure/2019/02/05/12
x_refsource_MISC
https://security-consulting.icu/blog/2019/02/wordpress-so...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Mar/40
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.