Reflected XSS Vulnerability in WPWeb Social Auto Poster
CVE-2024-47369
7.1HIGH
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the WPWeb Social Auto Poster plugin that allows attackers to execute arbitrary scripts in the browser of a user visiting a compromised web page. This vulnerability is due to improper neutralization of user input in the web page generation process. Consequently, if an attacker can manipulate inputs sent to the plugin, they may reflect malicious scripts back to users, posing significant risks to website visitors and data integrity.
Affected Version(s)
Social Auto Poster <= 5.3.15
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Bonds (Patchstack Alliance)