
XSS vulnerability discovered in NextScripts: Social Networks Auto-Poster plugin

Wordfence security researchers discovered an XSS vulnerability in the WordPress Social Networks Auto-Poster plugin which affects over 100,000 websites.


Atalay Kelestemur
November 2, 2021
2 min read

The Wordfence Threat Intelligence team discovered the XSS vulnerability in the popular plugin on August 19, 2021. The plugin is installed on more than 100,000 websites, which makes this a critical issue for the WordPress community. Following Wordfence's disclosure, the developers released a patched version of the plugin, 4.3.21, on October 4, 2021.

POST over GET method

The vulnerability is tracked as CVE-2021-38356 and lets an attacker trigger the faulty function in the plugin. The nxs_ReposterListTable::column_title function in inc/nxs_class_snap.php echoes out the value of $_REQUEST['page'] when an administrator visits the plugin administration page at wp-admin/admin.php?page=nxssnap-post.

function column_post_title($item){
    // Build row actions. The 'page' slug is read from $_REQUEST and placed
    // into the markup without escaping: this is the reflected XSS sink.
    $actions = array(
        'edit'   => sprintf('<a href="?page=%s&action=%s&post=%s">Edit</a>', $_REQUEST['page'], 'edit', $item->ID),
        'delete' => sprintf('<a href="?page=%s&action=%s&post=%s">Delete</a>', $_REQUEST['page'], 'delete', $item->ID),
    );
    // Return the title contents together with the row actions
    return sprintf('<strong>%1$s</strong> (id:%2$s)%3$s',
        /*$1%s*/ $item->post_title,
        /*$2%s*/ $item->ID,
        /*$3%s*/ $this->row_actions($actions)
    );
}

WordPress uses the value of the $_GET['page'] parameter to determine which administrative page to serve. It is common practice for developers to use $_REQUEST for values that may arrive in $_GET and/or $_POST, since the $_REQUEST superglobal contains the data sent by both methods. Here $_REQUEST['page'] is expected to hold the same value as $_GET['page'], but because $_REQUEST is populated from more than one source, that assumption leads to a reflected XSS attack.

Most system administrators configure PHP so that $_POST takes precedence over $_GET when populating $_REQUEST. Simply put, if both $_GET['page'] and $_POST['page'] are set, $_REQUEST['page'] is set to the contents of $_POST['page'], which means it is possible to execute JavaScript in the browser of a logged-in administrator through a self-submitting form that sends a POST request to the website.

Example: https://example.com/wp-admin/admin.php?page=nxssnap-post, with the $_POST['page'] parameter set to malicious JavaScript.

Possible to take over the website

The $_GET['page'] parameter can still be set to nxssnap-post, which lets WordPress route the victim to the correct page. Once the victim is routed there, the malicious JavaScript in $_POST['page'] is echoed out on the page.
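The following added example (not code from the article or the plugin) models the mechanism described above: how PHP merges $_GET and $_POST into $_REQUEST according to the request_order directive, why the unescaped list-table link reflects the POST value, what the escaped fix looks like, and a simple log-side check a defender can run. The request line, body and the "injected" value are constructed.

```python
import html
from urllib.parse import parse_qs, urlsplit


def build_request(get: dict, post: dict, request_order: str = "GP") -> dict:
    """Model how PHP fills $_REQUEST: sources are merged in the order given by
    request_order, so with the usual "GP" a POST key overwrites the same GET key."""
    sources = {"G": get, "P": post}
    merged = {}
    for letter in request_order.upper():
        merged.update(sources.get(letter, {}))
    return merged


def render_edit_link_vulnerable(request: dict, post_id: int) -> str:
    # Same pattern as the plugin: the 'page' value from $_REQUEST lands in
    # the href attribute unescaped, so a quote in it breaks out of the attribute.
    return '<a href="?page=%s&action=edit&post=%d">Edit</a>' % (request["page"], post_id)


def render_edit_link_fixed(get: dict, post_id: int) -> str:
    # Fix: use the query-string slug WordPress actually routed on, and escape it
    # for an attribute context (the equivalent of esc_attr() in WordPress).
    safe_page = html.escape(get["page"], quote=True)
    return '<a href="?page=%s&action=edit&post=%d">Edit</a>' % (safe_page, post_id)


def page_param_mismatch(method: str, url: str, body: str) -> bool:
    """Defender-side heuristic for access logs or a WAF rule: flag a POST to
    wp-admin/admin.php whose body carries a 'page' value that differs from the
    'page' value in the query string. Legitimate admin forms repeat the same slug."""
    parts = urlsplit(url)
    if method != "POST" or not parts.path.endswith("/wp-admin/admin.php"):
        return False
    qs_page = parse_qs(parts.query).get("page", [None])[0]
    body_page = parse_qs(body).get("page", [None])[0]
    return body_page is not None and body_page != qs_page


# Constructed sample: the GET slug routes to the plugin page, the POST slug
# carries markup that breaks out of the href attribute.
SAMPLE_GET = {"page": "nxssnap-post"}
SAMPLE_POST = {"page": '"><b>injected</b>'}
SAMPLE_URL = "https://example.com/wp-admin/admin.php?page=nxssnap-post"
SAMPLE_BODY = "page=%22%3E%3Cb%3Einjected%3C%2Fb%3E"
```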

Because the injected JavaScript runs in the administrator's session, the attacker effectively holds administrative privileges and can add malicious administrative users or insert backdoors into the website. At that point it is very easy to take over the website. If you use this plugin and the installed version is lower than 4.3.21, we highly recommend you update it urgently.

Note: At the time of writing this article, the current stable version was 4.3.23.

Download the latest version of NextScripts: Social Networks Auto-Poster plugin



Tags: Vulnerability

Atalay Kelestemur

Atalay Kelestemur is the Editor-in-Chief of Cloud7 News. Also, he is the Program Manager of AlmaLinux OS, an open-source, community-driven Linux operating system. He was most recently the chief editor of T3. Prior to that, he was the managing editor of BYTE. He also served as a software editor in PC World. Atalay Kelestemur has covered the technology industry since 1996, publishing articles in PC Net, IT Pro, Computer World, PC Life, CyberMag, and CIO magazines. Atalay Kelestemur is an information system security professional and his area of expertise includes Linux security, penetration testing, secure software development, malware removal, and computer forensics. Atalay Kelestemur is the author of Pardus 2011, Ubuntu, Windows 8, and Siber Istihbarat (Cyber Intelligence). Atalay graduated with a Bachelor's Degree in Maritime from Istanbul Technical University. He earned a master's degree in political science from Gedik University, where he wrote his thesis on The Importance of Cyber Intelligence on Public Security. Now he is working on his Ph.D. thesis on international trade, covering the cybersecurity threats and countermeasures on the maritime industry.
