What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite (wp-to-hootsuite) allows Cross-Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through <= 1.5.8.
Explanation of Vulnerability in Simple Terms
02 Summary
The Post to Social Media plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability in versions up to 1.5.8. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unauthorized actions on the site without the admin's knowledge or consent. This could allow the attacker to modify plugin settings or trigger unintended social media posting actions.
What an attacker can do
03 Attacker Capabilities
Perform unauthorized actions on the site by tricking an admin into visiting a malicious webpage.
Potential impact on your site
04 Site Impact
An attacker could change plugin settings or trigger unwanted social media posts without your permission.
Conditions required to exploit
05 Prerequisites
Site admin must be logged in and visit a page controlled by the attacker.
Key dates
06 Disclosure timeline
April 4, 2025: CVE published
April 28, 2026: Record updated