11 Feb

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

This post provides the details of a vulnerability in the WordPress plugin NextScripts: Social Networks Auto-Poster that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the post’s contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then view the contents of the post. There are a lot of other reasons to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.


05 Nov

Full Disclosure of Reflected XSS Vulnerability in WordPress Plugin with 100,000+ Installs

One of the ways that we continue to improve the quality of our automated tool for detecting possible security issues in WordPress plugins, the Plugin Security Checker, is by checking whether vulnerabilities we are adding to our data set that it should be able to detect are in fact detected. That led to us running the plugin NextScripts: Social Networks Auto-Poster through it after we noticed that a reflected cross-site scripting (XSS) vulnerability had been fixed in the plugin. Not only did the tool correctly spot the possibility of that vulnerability, but it also flagged three other instances of possible reflected XSS vulnerabilities that are still in the latest version of the plugin.


05 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in NextScripts: Social Networks Auto-Poster

This post provides the details of a vulnerability in the WordPress plugin NextScripts: Social Networks Auto-Poster that was not discovered by us. The discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the post’s contents are limited to subscribers of our service. If you are not currently a subscriber, you can try out the service for free and then view the contents of the post. There are a lot of other reasons to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.
