Stored Cross-Site Scripting Vulnerability in Social Auto Poster plugin
CVE-2024-6753

7.2HIGH

Key Information:

Vendor: WordPress
Status: Social Auto Poster
Vendor: CVE Published:; 24 July 2024

What is CVE-2024-6753?

The Social Auto Poster plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting via the 'mapTypes' parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function. This security flaw arises from inadequate input sanitization and output escaping, enabling unauthenticated attackers to inject malicious web scripts. These scripts can execute in the browser of any user accessing the compromised page, leading to potential data breaches or hijacking of user sessions. It is crucial for users of the plugin to apply necessary updates or patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

Social Auto Poster 0 <= 5.3.14

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/social-auto-poster-wordpress-...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2024

Credit

István Márton

CVE-2024-6753 Data

JSON