WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-26532

8.8HIGH

Key Information:

Vendor: WordPress
Status: Social Auto Poster
Vendor: CVE Published:; 22 November 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in versions of the AccessPress Themes Social Auto Poster plugin up to 2.1.4. This vulnerability could allow attackers to compel users to perform actions without their consent, potentially compromising user accounts and enabling unauthorized content sharing. It's crucial for users and administrators to promptly update their plugins to protect against this security risk.

Affected Version(s)

Social Auto Poster <= 2.1.4

References

https://patchstack.com/database/vulnerability/accesspress...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Feb 24, 2023

Credit

Rio Darmawan (Patchstack Alliance)