Social Auto Poster
by WordPress
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6756 | Hig | 0.57 | 8.8 | 0.01 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-6753 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output… | ||
| CVE-2024-6750 | Hig | 0.47 | 7.3 | 0.00 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add,… | ||
| CVE-2024-47369 | Hig | 0.46 | 7.1 | 0.00 | Oct 5, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15. | ||
| CVE-2024-6755 | Med | 0.42 | 6.5 | 0.00 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for… | ||
| CVE-2024-6752 | Med | 0.42 | 6.4 | 0.00 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output… | ||
| CVE-2024-6751 | Med | 0.41 | 6.3 | 0.00 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or… | ||
| CVE-2024-6754 | Med | 0.35 | 5.4 | 0.00 | Jul 24, 2024 | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated… | ||
| CVE-2023-26532 | Med | 0.35 | 5.4 | 0.00 | Nov 22, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. | ||
| CVE-2024-49272 | Med | 0.28 | 4.3 | 0.00 | Oct 20, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in wpweb Social Auto Poster social-auto-poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through <= 5.3.15. |
- risk 0.57cvss 8.8epss 0.01
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with…
- risk 0.47cvss 7.2epss 0.01
The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output…
- risk 0.47cvss 7.3epss 0.00
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add,…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15.
- risk 0.42cvss 6.5epss 0.00
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for…
- risk 0.42cvss 6.4epss 0.00
The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output…
- risk 0.41cvss 6.3epss 0.00
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or…
- risk 0.35cvss 5.4epss 0.00
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wpweb Social Auto Poster social-auto-poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through <= 5.3.15.