CVE-2025-12064

Name of the Vulnerable Software and Affected Versions WP2Social Auto Publish versions through 2.4.7

Description The WP2Social Auto Publish plugin for WordPress is susceptible to Reflected Cross-Site Scripting via PostMessage due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link.

Recommendations Update WP2Social Auto Publish to a version later than 2.4.7.