PT-2024-10841 · WordPress · Nextscripts: Social Networks Auto-Poster
John Castro · Published 2024-10-15 · Updated 2024-10-20
CVE-2020-36831
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
NextScripts: Social Networks Auto-Poster plugin for WordPress versions prior to 4.3.17
Description
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions. This makes it possible for low-privileged attackers to perform restricted actions that would be otherwise locked to an administrative-level user.
Recommendations
For NextScripts: Social Networks Auto-Poster plugin for WordPress versions prior to 4.3.17: Update to the latest version to mitigate risks and protect your site from potential security bypass vulnerabilities.
Fix
Improper Access Control
Missing Authorization
Related Identifiers
Affected Products
Nextscripts: Social Networks Auto-Poster