11 Feb 2019

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

One of the changelog entries for the latest version of NextScripts: Social Networks Auto-Poster is “Bug Fix – [Security] Several security fixes.” Looking at the changes made in that version, we found that part of what that referred to was fixing a reflected cross-site scripting (XSS) vulnerability we disclosed back in November (the plugin was never removed from the Plugin Directory, so the WordPress team knowingly left a vulnerable plugin in the Plugin Directory for several months). We also found that another reflected cross-site scripting (XSS) vulnerability had been fixed as well.


5 Nov 2018

Full Disclosure of Reflected XSS Vulnerability in WordPress Plugin with 100,000+ Installs

One of the ways we continue to improve the quality of our automated tool for detecting possible security issues in WordPress plugins, the Plugin Security Checker, is by checking whether the vulnerabilities we add to our data set that should be detectable by it are in fact detected. That led us to run the plugin NextScripts: Social Networks Auto-Poster through it after we noticed that a reflected cross-site scripting (XSS) vulnerability had been fixed in it. Not only did it correctly spot the possibility of that vulnerability, but it also noticed three other instances of possible reflected XSS vulnerabilities in the plugin that are still present in the latest version.

If you are a customer of our service you can access the tool’s developer mode; with that, the first of those possible reflected XSS vulnerabilities is as follows:

5 Nov 2018

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in NextScripts: Social Networks Auto-Poster

From time to time a plugin is closed on the Plugin Directory for an unexplained security issue without the discoverer putting out a report on the vulnerability. In those cases we put out a post detailing the possible vulnerability that led to the closure, so that we can provide our customers with more complete information on the security of the plugins they use.
