Vulnerabilities and security researches forwp-to-hootsuite wp-to-hootsuite

Jun 07, 2024

CVE, Research URL: 7c82c35a9a3ccab85cabe63948af25d9412a9a27
Home page URL: Security reports for Post to Social Media – WordPress to Hootsuite
Application: Post to Social Media – WordPress to Hootsuite
Date: Aug 05, 2022
Research Description: Post to Social Media – WordPress to Hootsuite [wp-to-hootsuite] < 1.4.6 WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting The WordPress to Hootsuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32267
Home page URL: Security reports for Post to Social Media – WordPress to Hootsuite
Application: Post to Social Media – WordPress to Hootsuite
Date: Apr 04, 2025
Research Description: Post to Social Media – WordPress to Hootsuite [wp-to-hootsuite] < 1.6.0 CVE-2025-32267 [en] Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.
Affected versions: Min -, max -.
Status: vulnerable