cleantalk
Vulnerabilities and Security Researches

Post to Social Media – WordPress to Hootsuite, 7c82c35a9a3ccab85cabe63948af25d9412a9a27

CVE, Research URL

7c82c35a9a3ccab85cabe63948af25d9412a9a27

Home page URL

Security reports for Post to Social Media – WordPress to Hootsuite

Application

Post to Social Media – WordPress to Hootsuite

Published on
Aug 05, 2022
Research Description
Post to Social Media &#8211; WordPress to Hootsuite [wp-to-hootsuite] < 1.4.6 WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting The WordPress to Hootsuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.4.6.
Status
vulnerable
Previous vulnerability researches
Post to Social Media &#8211; WordPress to Hootsuite (7c82c35a9a3ccab85cabe63948af25d9412a9a27) , Jun 07, 2024
Post to Social Media &#8211; WordPress to Hootsuite (CVE-2025-32267) , Apr 06, 2025
New vulnerability
WP Editor (CVE-2025-3295) , Apr 18, 2025
WP Editor (CVE-2025-3294) , Apr 18, 2025
Conditional Payments for WooCommerce (CVE-2025-39563) , Apr 18, 2025
Deliver via Shipos for WooCommerce (CVE-2025-32533) , Apr 18, 2025
Checkout for PayPal (CVE-2025-39572) , Apr 18, 2025