Unrated severityNVD Advisory· Published Nov 1, 2021· Updated Mar 31, 2025
NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting
CVE-2021-38356
Description
The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].
Affected products
2- Range: <=4.3.20
- Range: 4.3.20
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.