CVE-2020-36831
Published: 2024-10-16
Priority: P1 (81) · CVSS 3.1: 6.5 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.49% (38.3rd percentile)
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would otherwise be locked to an administrative-level user.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextscripts | nextscripts_social_networks_auto-poster | <= 4.3.17 | — |
| nextscripts | social_networks_auto_poster | < 4.3.18 | 4.3.18 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| VulnCheck | — | 5.0 | MEDIUM | — |
GHSA
GHSA-4pfx-jfj6-q6ch · CVE-2020-36831 · MEDIUM · CWE-284 · ghsa_unreviewed · 2024-10-16
Description: identical to the NVD description above.
VulnCheck
NextScripts: Social Networks Auto-Poster plugin for WordPress Multiple User privilege/security Functions Vulnerability
vulncheck · 2020 · CVSS 5.0 · MEDIUM
Description: identical to the NVD description above.
Affected: NextScripts NextScripts: Social Networks Auto-Poster plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html
https://wpscan.com/vulnerability/0641578b-16b9-4d79-af69-b4886840da36
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-nextscripts-social-networks-auto-poster-security-bypass-4-3-17/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3709465d-6d67-45bd-abb9-4875065b8129?source=cve
Timeline: 2024-10-16 Published · Exploited in the wild