CVE-2024-1762

6.1 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the NextScripts Social Networks Auto-Poster plugin. The scripts execute when users view the 'All Cron Events' page, potentially compromising user sessions or redirecting to malicious sites. All WordPress sites using this plugin up to version 4.4.3 are affected.

💻 Affected Systems

Products:
  • NextScripts: Social Networks Auto-Poster WordPress plugin
Versions: All versions up to and including 4.4.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and active. Exploitation requires users to access the 'All Cron Events' page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠 Likely Case

Session hijacking, cookie theft, or malicious redirects affecting users who view the Cron Events page.

🟢 If Mitigated

Limited impact if only trusted users access the Cron Events page and proper web application firewalls are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via HTTP_USER_AGENT header manipulation. Public proof-of-concept exists in vulnerability references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.4 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084635%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&old=3004433%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&sfp_email=&sfph_mail=#file17

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'NextScripts: Social Networks Auto-Poster'.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.4.4 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Restrict access to Cron Events page

Limit access to the vulnerable 'All Cron Events' page to trusted administrators only.

Web Application Firewall rule

Block or sanitize HTTP_USER_AGENT headers containing script tags.

🧯 If You Can't Patch

  • Disable the NextScripts Social Networks Auto-Poster plugin immediately
  • Implement strict Content Security Policy (CSP) headers to prevent script execution

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 4.4.3 or lower, you are vulnerable.

Check Version:

wp plugin list --name='NextScripts: Social Networks Auto-Poster' --field=version

Verify Fix Applied:

Confirm plugin version is 4.4.4 or higher after update. Test by attempting to inject script via HTTP_USER_AGENT header and checking if it executes.
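The version check and fix verification above can be scripted across many sites. The following is an added example, not tooling from the advisory or the plugin vendor: it reads `wp plugin list --format=json` output, locates the plugin by slug, and compares the installed version against 4.4.4 as a numeric tuple so that 4.4.10 is not mistaken for a version lower than 4.4.9 (a mistake plain string comparison makes). The plugin slug used for matching and the sample JSON are assumptions constructed for the example.

```python
"""Added example (not part of the advisory): classify a WordPress install as
vulnerable (<= 4.4.3), fixed (>= 4.4.4) or not installed, based on the output
of `wp plugin list --format=json`. The slug filter and sample data are
constructed assumptions, not values taken from the advisory."""
import json
import subprocess
from typing import Optional

FIXED_VERSION = "4.4.4"  # first patched release per the advisory
# Assumed slug fragment for the plugin in wp-cli output (not confirmed by the advisory).
PLUGIN_SLUG_HINT = "social-networks-auto-poster"


def parse_version(v: str) -> tuple:
    """Turn '4.4.3' into (4, 4, 3) so numeric comparison works component-wise.
    Non-numeric suffixes such as '4.4.4-beta' are tolerated by stripping them."""
    parts = []
    for piece in v.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the version is 4.4.3 or lower (the affected range)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_plugin(plugin_list_json: str) -> Optional[dict]:
    """Locate the plugin entry in `wp plugin list --format=json` output by slug."""
    for entry in json.loads(plugin_list_json):
        if PLUGIN_SLUG_HINT in entry.get("name", ""):
            return entry
    return None


def assess(plugin_list_json: str) -> str:
    """Return 'not installed', 'vulnerable (active)', 'vulnerable (inactive)' or 'fixed'."""
    entry = find_plugin(plugin_list_json)
    if entry is None:
        return "not installed"
    if is_vulnerable(entry["version"]):
        state = "active" if entry.get("status") == "active" else "inactive"
        return f"vulnerable ({state})"
    return "fixed"


def assess_live_site() -> str:
    """Run wp-cli on the current site (requires wp-cli in PATH and a WordPress root)."""
    out = subprocess.run(
        ["wp", "plugin", "list", "--format=json"],
        check=True, capture_output=True, text=True,
    ).stdout
    return assess(out)


# Constructed sample output: one vulnerable, active install alongside another plugin.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "social-networks-auto-poster-facebook-twitter-g", "status": "active",
     "update": "available", "version": "4.4.3"},
])

if __name__ == "__main__":
    print(assess(SAMPLE_PLUGIN_LIST))  # vulnerable (active)
```

Run `assess_live_site()` from the WordPress root on a real install; an inactive vulnerable copy still warrants updating, since re-activation would expose the page again.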

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP_USER_AGENT strings containing script tags or JavaScript in web server logs
  • Multiple failed attempts to access /wp-admin/admin.php?page=nxs-snap-cron

Network Indicators:

  • HTTP requests with malicious script content in User-Agent headers

SIEM Query:

source="web_logs" AND (http_user_agent="*<script>*" OR http_user_agent="*javascript:*")
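The SIEM query and the log indicators above match literal `<script>` and `javascript:` substrings. The following added example (not tooling from the advisory) applies the same indicators to raw access-log lines and goes one step further: it URL-decodes and HTML-entity-decodes the User-Agent before matching, so percent-encoded or entity-encoded payloads that the literal query would miss are also flagged, and it separately records requests to the Cron Events admin page and whether they were denied. The log lines are constructed samples in Apache/nginx combined format; the path `/wp-admin/admin.php?page=nxs-snap-cron` is the one named in the log indicators.

```python
"""Added example (not the advisory's own tooling): scan access-log lines for
the indicators the advisory lists. Sample log lines are constructed."""
import html
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import unquote

# Apache/nginx "combined" format:
# ip - - [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Path from the advisory's log-indicator list.
CRON_PAGE = "/wp-admin/admin.php?page=nxs-snap-cron"
# Same patterns as the SIEM query, applied after decoding.
SCRIPT_UA_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def normalize_ua(ua: str) -> str:
    """Undo common encodings: percent-encoding (applied twice to catch
    double-encoding) and HTML entities."""
    return html.unescape(unquote(unquote(ua)))


def parse_line(line: str) -> Optional[dict]:
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def classify(line: str) -> List[str]:
    """Return the indicator names a log line matches (empty list if none)."""
    rec = parse_line(line)
    if rec is None:
        return []
    hits = []
    if SCRIPT_UA_RE.search(normalize_ua(rec["ua"])):
        hits.append("script_in_user_agent")
    if CRON_PAGE in rec["request"]:
        hits.append("cron_events_page_access")
        if rec["status"] in ("401", "403"):
            hits.append("cron_events_page_denied")
    return hits


def scan(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Scan log lines; return (client ip, indicators) for every line with a hit."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            findings.append((parse_line(line)["ip"], hits))
    return findings


# Constructed sample log lines (not real traffic); the first is benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Mar/2024:12:00:02 +0000] "GET /?p=1 HTTP/1.1" 200 2211 "-" "Mozilla/5.0 <script>x</script>"',
    '198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /?p=2 HTTP/1.1" 200 2211 "-" "%3Cscript%3Ex%3C/script%3E"',
    '192.0.2.9 - - [10/Mar/2024:12:00:04 +0000] "GET /login HTTP/1.1" 200 300 "-" "Mozilla/5.0 &lt;script&gt;x&lt;/script&gt;"',
    '192.0.2.10 - - [10/Mar/2024:12:00:05 +0000] "GET /feed HTTP/1.1" 200 900 "-" "Mozilla/5.0 javascript:void(0)"',
    '198.51.100.8 - - [10/Mar/2024:12:00:06 +0000] "GET /wp-admin/admin.php?page=nxs-snap-cron HTTP/1.1" 403 120 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, ", ".join(hits))
```

Feed it `sys.stdin` or an open log file in place of `SAMPLE_LOG`; because the decoded User-Agent is what gets matched, keep the raw line in the alert so analysts can see the encoding the sender used.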
