VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Oct 14, 2024

Social Auto Poster Vulnerabilities

Review known vulnerability records for the WordPress plugin Social Auto Poster (`social-auto-poster`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-49272, CVE-2024-47369 and CVE-2024-6755, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
3
Patch Coverage
100%
Last Updated
Oct 18, 2024
Priority CVE Quick Links

Fast paths into Social Auto Poster CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-6756 High 5.3.15
CVE-2024-6756 Social Auto Poster Remote Code Execution

Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload

CVE-2024-6750 High 5.3.15
CVE-2024-6750 Social Auto Poster Vulnerability

Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions

CVE-2024-6753 High 5.3.15
CVE-2024-6753 Social Auto Poster Stored Cross-Site Scripting

Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-6755 Medium 5.3.15
CVE-2024-6755 Social Auto Poster Vulnerability

Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

CVE-2024-6752 Medium 5.3.15
CVE-2024-6752 Social Auto Poster Stored Cross-Site Scripting

Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE-2024-6751 Medium 5.3.15
CVE-2024-6751 Social Auto Poster Cross-Site Request Forgery

Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions

CVE-2024-47369 Medium 5.3.16
CVE-2024-47369 Social Auto Poster Cross-Site Scripting

Social Auto Poster <= 5.3.15 - Reflected Cross-Site Scripting

CVE-2024-6754 Medium 5.3.15
CVE-2024-6754 Social Auto Poster Vulnerability

Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Social Auto Poster so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 3 high severity findings.
Recent CVEs
CVE-2024-49272, CVE-2024-47369 and CVE-2024-6755
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Social Auto Poster

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-49272
CVE-2024-49272: Social Auto Poster <= 5.3.15 - Cross-Site Request Forgery

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actio...

Published
Oct 14, 2024
Patched Release
5.3.16
Affected Versions
Versions up to 5.3.15
Next Step
Update to 5.3.16 or newer if supported.
Open CVE-2024-49272 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-47369
CVE-2024-47369: Social Auto Poster <= 5.3.15 - Reflected Cross-Site Scripting

The Social Auto Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published
Sep 30, 2024
Patched Release
5.3.16
Affected Versions
Versions up to 5.3.15
Next Step
Update to 5.3.16 or newer if supported.
Open CVE-2024-47369 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6755
CVE-2024-6755: Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticat...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6755 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6751
CVE-2024-6751: Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or de...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6751 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-6753
CVE-2024-6753: Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output esca...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6753 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6754
CVE-2024-6754: Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, w...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6754 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6752
CVE-2024-6752: Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escap...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6752 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-6750
CVE-2024-6750: Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modi...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6750 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-6756
CVE-2024-6756: Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contribu...

Published
Jul 23, 2024
Patched Release
5.3.15
Affected Versions
Versions up to 5.3.14
Next Step
Update to 5.3.15 or newer if supported.
Open CVE-2024-6756 Report Open CVE Reference