Low-Privileged Attackers Can Bypass Authorization in Social Networks Auto-Poster Plugin
CVE-2020-36831
5MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 16 October 2024
Summary
The NextScripts Social Networks Auto-Poster plugin for WordPress has a vulnerability that allows low-privileged users, such as subscribers, to bypass authorization controls. Due to missing capability checks in various user privilege functions, these users can execute actions that should be restricted to administrative users. This vulnerability affects multiple security functions in the plugin, potentially compromising the integrity and security of WordPress sites utilizing this plugin version 4.3.17 or earlier. Website administrators are advised to update to the latest version to mitigate the risk.
Affected Version(s)
NextScripts: Social Networks Auto-Poster * <= 4.3.17
References
CVSS V3.1
Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
John Castro