CVE-2024-1762 MEDIUM

CVE-2024-1762: NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

Vendor Nextscripts
Product NextScripts: Social Networks Auto-Poster
Weakness CWE-79 · XSS
Published May 22, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view "All Cron Events" in order for the injection to fire.

Key dates

02Disclosure timeline

May 22, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-4281 Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode CVE-2024-8653 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module CVE-2023-23998 WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) CVE-2022-39181 GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS) CVE-2025-8290 List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter