11 Feb

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in NextScripts: Social Networks Auto-Poster

This post provides the details of a vulnerability in the WordPress plugin NextScripts: Social Networks Auto-Poster not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]

05 Nov

Full Disclosure of Reflected XSS Vulnerability in WordPress Plugin with 100,000+ Installs

One of the ways that we continue to improve the quality of our automated tool for detecting possible security issues in WordPress plugins, the Plugin Security Checker, is by checking whether vulnerabilities we are adding to our data set that should be detectable by it are in fact detected. That led to us running the plugin NextScripts: Social Networks Auto-Poster through it after we noticed that a reflected cross-site scripting (XSS) vulnerability had been fixed in it. Not only did it correctly spot the possibility of that vulnerability, but it also noticed three other instances of possible reflected XSS vulnerabilities that are still in the latest version of the plugin.

If you are a customer of our service, you can access the tool’s developer mode; with that, the first of those possible reflected XSS vulnerabilities is as follows: [Read more]

05 Nov

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in NextScripts: Social Networks Auto-Poster

This post provides the details of a vulnerability in the WordPress plugin NextScripts: Social Networks Auto-Poster not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to subscribers of our service.

If you were using our service you would have already been warned about this vulnerability if your website is vulnerable due to it. [Read more]