Vulnerabilities and security researches forwp-fb-autoconnect wp-fb-autoconnect
Direction: ascendingJun 07, 2024
WP Social AutoConnect # 2959a12b24f6cfb7310d7233db0be16ded57dca3
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 14, 2014
- Research Description
- WP Social AutoConnect [wp-fb-autoconnect] < 4.0.6 WordPress WP-FB-AutoConnect Plugin <= 4.0.5 - Multiple Vulnerabilities This plugin is prone to a cross site request forgery and cross site scripting. Attackers can perform XSS attacks and change the plugins admin settings by tricking a logged in admin to visit a crafted page. Upgrade this plugin.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Social AutoConnect # CVE-2023-37974
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 17, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 05, 2025
WP Social AutoConnect # CVE-2024-12279
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 04, 2025
- Research Description
- The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 02, 2025
WP Social AutoConnect # CVE-2025-50022
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 20, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable