CVE-2025-12076

Name of the Vulnerable Software and Affected Versions The Social Media Auto Publish plugin for WordPress versions up to and including 3.6.5

Description The software is susceptible to Reflected Cross-Site Scripting through the PostMessage parameter due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link, to execute the injected scripts.

Recommendations Update The Social Media Auto Publish plugin to a version later than 3.6.5.