CVE-2020-36831

MEDIUM EXPLOITED

NextScripts: Social Networks Auto-Poster <4.3.17 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-36831 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user.

Scores

CVSS v3 5.0
EPSS 0.0049
EPSS Percentile 38.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-10-15
CWE
CWE-284 CWE-862
Status published
Products (2)
nextscripts/NextScripts: Social Networks Auto-Poster < 4.3.17
nextscripts/social_networks_auto_poster < 4.3.18
Published Oct 16, 2024
Tracked Since Feb 18, 2026