Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that  automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, etc.

During a routine research audit for our Sucuri Firewall, we discovered a post deletion, arbitrary posting in social networks, and arbitrary plugin settings update affecting over 100,000 users of the WordPress plugin.

Disclosure / Response Timeline:

  • August 24, 2020: Initial contact attempt.

Continue reading Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster at Sucuri Blog.

Via Sucuri.net

Tags: