The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LNextscripts Social Networks Auto Poster
APPNextscripts< 4.4.4
Powiązane podatności
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScri...
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Expos...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScri...
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to...
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting...