PT-2024-18791 · WordPress · Nextscripts: Social Networks Auto-Poster
Colin Xu · Published 2024-05-22 · Updated 2024-05-22 · CVE-2024-2088
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
NextScripts: Social Networks Auto-Poster plugin for WordPress versions up to, and including, 4.4.3
Description
The issue allows authenticated attackers with subscriber access and above to extract sensitive data, including social network API keys and secrets, via the nxs_getExpSettings function.
Recommendations
For versions up to, and including, 4.4.3, consider disabling the nxs_getExpSettings function until a patch is available to prevent sensitive information exposure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Nextscripts: Social Networks Auto-Poster