CVE-2020-36831
published 2024-10-16

Priority: P181
medium, 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.49% (38.3th percentile)

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would otherwise be locked to an administrative-level user.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextscripts | nextscripts_social_networks_auto-poster | <= 4.3.17 | |
| nextscripts | social_networks_auto_poster | < 4.3.18 | 4.3.18 |

CVSS provenance

nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vulncheck: 5.0 MEDIUM