VYPR

Social Auto Poster

by WordPress

CVEs (10)

  • CVE-2024-6756HigJul 24, 2024
    risk 0.57cvss 8.8epss 0.01

    The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with…

  • CVE-2024-6753HigJul 24, 2024
    risk 0.47cvss 7.2epss 0.01

    The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output…

  • CVE-2024-6750HigJul 24, 2024
    risk 0.47cvss 7.3epss 0.00

    The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add,…

  • CVE-2024-47369HigOct 5, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15.

  • CVE-2024-6755MedJul 24, 2024
    risk 0.42cvss 6.5epss 0.00

    The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for…

  • CVE-2024-6752MedJul 24, 2024
    risk 0.42cvss 6.4epss 0.00

    The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output…

  • CVE-2024-6751MedJul 24, 2024
    risk 0.41cvss 6.3epss 0.00

    The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or…

  • CVE-2024-6754MedJul 24, 2024
    risk 0.35cvss 5.4epss 0.00

    The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated…

  • CVE-2023-26532MedNov 22, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.

  • CVE-2024-49272MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpweb Social Auto Poster social-auto-poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through <= 5.3.15.