WordPress Plugin Vulnerabilities

NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets.

Affects Plugins

Plugin icon
social-networks-auto-poster-facebook-twitter-g
Fixed in 4.4.4

References

CVE
CVE-2024-2088
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/70724bc7-c1f4-4965-8bba-99b2ed21d34b

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Colin Xu
Verified
No
WPVDB ID
2cf915dc-bb6b-40fb-a876-f91110c84353

Timeline

Publicly Published
2024-05-21 (about 1 year ago)
Added
2024-05-22 (about 1 year ago)
Last Updated
2024-05-22 (about 1 year ago)

Other

Published
Title
Published
2024-03-19
Title
Easy Maintenance Mode <= 1.4.2 - Information Exposure
Published
2025-06-05
Title
KI Live Video Conferences <= 5.5.15 - Unauthenticated Information Disclosure
Published
2024-09-03
Title
The Ultimate WordPress Toolkit – WP Extended < 3.0.9 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2024-08-27
Title
Mollie Payments for WooCommerce < 7.8.0 - Unauthenticated Full Path Disclosure
Published
2022-12-05
Title
Autoptimize < 3.1.0 - Sensitive Data Disclosure