Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, etc.

During a routine research audit for our Sucuri Firewall, we discovered post deletion, arbitrary social network posting, and arbitrary plugin settings update vulnerabilities affecting over 100,000 users of the WordPress plugin.

Disclosure / Response Timeline:

  • August 24, 2020: Initial contact attempt.

Continue reading Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster at Sucuri Blog.
