Permissions, Privileges, and Access Controls in NextScripts: Social Networks Auto-Poster - #VU46299

 


Published: September 7, 2020


Vulnerability identifier: #VU46299
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: NextScripts: Social Networks Auto-Poster
Software vendor: NextScripts

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions. A remote authenticated attacker can remove posts (by corrupting the post type and other data), post arbitrary information to the site's social networks and change the plugin settings.


Remediation

Install updates from vendor's website.

External links