WordPress Plugin Vulnerabilities

Autoshare for Twitter < 2.3.2 - Missing Authorization

Description

The Autopost for X (formerly Autoshare for Twitter) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
autoshare-for-twitter
Fixed in 2.3.2

References

CVE
CVE-2026-25311
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac05441d-137e-433a-86bd-a702ec664db0

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No
WPVDB ID
117876f0-0cce-4951-836e-17f725e5faec

Timeline

Publicly Published
2026-01-22 (about 3 months ago)
Added
2026-05-04 (about 9 days ago)
Last Updated
2026-05-04 (about 9 days ago)

Other

Published
Title
Published
2025-11-03
Title
Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-03-31
Title
Safe Ai Malware Protection for WP <= 1.0.20 - Missing Authorization
Published
2025-12-31
Title
Tasty Recipes Lite < 1.1.6 - Missing Authorization
Published
2026-01-05
Title
Quiz and Survey Master (QSM) < 10.3.2 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads
Published
2024-05-23
Title
Schema App Structured Data < 2.2.1 - Missing Authorization