cleantalk
Vulnerabilities and Security Researches

NextScripts: Social Networks Auto-Poster, CVE-2024-1762

CVE, Research URL

CVE-2024-1762

Home page URL

Security reports for NextScripts: Social Networks Auto-Poster

Application

NextScripts: Social Networks Auto-Poster

Published on
May 22, 2024
Research Description
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view "All Cron Events" in order for the injection to fire.
Affected versions
max 4.4.4.
Status
vulnerable
Previous vulnerability researches
NextScripts: Social Networks Auto-Poster (CVE-2024-37275) , Jul 01, 2024
NextScripts: Social Networks Auto-Poster (CVE-2019-9911) , Jun 07, 2024
NextScripts: Social Networks Auto-Poster (CVE-2021-24975) , Jun 07, 2024
NextScripts: Social Networks Auto-Poster (CVE-2021-25072) , Jun 07, 2024
NextScripts: Social Networks Auto-Poster (CVE-2021-38356) , Jun 07, 2024
New vulnerability
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25363) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2025-15524) , Mar 29, 2026
Photo Gallery by 10Web – Mobile-Friendly Image Gallery (CVE-2026-27360) , Mar 29, 2026