WordPress Plugin Vulnerabilities

NextScripts: Social Networks Auto-Poster < 4.3.18 - Insufficient Privilege Validation

Description

The plugin is giving access to several functionalities without proper authorisation checks, allowing low privileged attackers the possibility to Remove Posts (by corrupting the post type and other data), Post Arbitrary Information in the site social networks as well as Change the plugin settings.

Affects Plugins

Plugin icon
social-networks-auto-poster-facebook-twitter-g
Fixed in 4.3.18

References

URL
https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.1 (high)

Miscellaneous

Original Researcher
John Castro (Sucuri)
Verified
No
WPVDB ID
0641578b-16b9-4d79-af69-b4886840da36

Timeline

Publicly Published
2020-09-05 (about 5 years ago)
Added
2020-09-05 (about 5 years ago)
Last Updated
2020-09-06 (about 5 years ago)

Other

Published
Title
Published
2024-12-04
Title
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins < 2.0.59 - Sensitive Information Exposure
Published
2023-12-14
Title
WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
Published
2021-11-29
Title
WP Mail Logging < 1.10.0 - Outdated Redux Framework
Published
2022-02-11
Title
Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update
Published
2024-06-06
Title
Strong Testimonials < 3.1.13 - Authenticated(Contributor+) Improper Authorization to Views Modification