WordPress Plugin Vulnerabilities
NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF
Description
The plugin does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack
Proof of Concept
https://example.com/wp-admin/admin.php?page=nxssnap-reposter&item=1&action=delete
Affects Plugins
Fixed in version 4.3.25
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-01-03 (about 8 months ago)
Added
2022-01-03 (about 8 months ago)
Last Updated
2022-04-08 (about 5 months ago)