The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].
References
Link | Resource |
---|---|
https://www.wordfence.com/blog/2021/10/xss-vulnerability-in-nextscripts-social-networks-auto-poster-plugin-impacts-100000-sites/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-11-28T00:00:00
Updated: 2021-11-01T21:01:08
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-38356
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-01T21:15:07.680
Modified: 2021-11-02T19:52:50.427
Link: CVE-2021-38356
JSON object: View
Redhat Information
No data.
CWE