Wordpress
September 4, 2020

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that  automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, etc.

During a routine research audit for our Sucuri Firewall, we discovered a post deletion, arbitrary posting in social networks, and arbitrary plugin settings update affecting over 100,000 users of the WordPress plugin.

Disclosure / Response Timeline:

  • August 24, 2020: Initial contact attempt.

Continue reading Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity…

Read Story
Wordpress
November 21, 2023

Medium Severity Vulnerability Patched in User Profile Picture Plugin

On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in…

Read Story
Wordpress
March 3, 2021

WordPress Vulnerability & Patch Roundup September 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
November 24, 2023

Emergency WordPress Help

One of our techs will get back to you within minutes.