VYPR
Unrated severityNVD Advisory· Published Nov 1, 2021· Updated Mar 31, 2025

NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting

CVE-2021-38356

Description

The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.