MEDIUM🇬🇧 English

CVE-2024-1762

CVSS 6.1v3.1pub. 2024-05-22upd. 2026-04-08

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view "All Cron Events" in order for the injection to fire.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Nextscripts Social Networks Auto Poster

    APP
    Nextscripts
    < 4.4.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-37275HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScri...

CVE-2024-2088HIGH8.5ten sam produkt

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Expos...

CVE-2023-49183HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScri...

CVE-2020-36831MEDIUM5.0ten sam produkt

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to...

CVE-2024-1446MEDIUM5.4ten sam produkt

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery ...

CVE-2024-1762 — MEDIUM 6.1 | CVEbaza.pl