Cross-Site Request Forgery vulnerability in Social Auto Poster plugin for WordPress

CVE-2024-6751

6.5MEDIUM

Key Information

Vendor: Social Auto Poster
Status: Social Auto Poster
Vendor: CVE Published:; 24 July 2024

Summary

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 24, 2024

Collectors

NVD Database