In yet another vulnerability that could have serious repercussions, cybersecurity researchers have discovered a cross-site scripting (XSS) bug in the NextScripts: Social Networks Auto-Poster plugin for WordPress.
The plugin automatically publishes posts from a website to any of the configured social media accounts.
While explaining the bug, Gall notes that the XSS vulnerability reared its head because of a relatively obscure peculiarity of how PHP handles superglobal variables.
The vulnerability was disclosed to the plugin’s developer in August, and a patched update of the plugin was released in early October.
Wordfence suggests all users of the plugin update to its latest version to prevent abuse of their WordPress websites.