Which NextScripts: Social Networks Auto-Poster CVEs are tracked?

NextScripts: Social Networks Auto-Poster tracked CVEs include CVE-2024-2088, CVE-2026-27379, CVE-2021-25072, CVE-2026-3228, and CVE-2024-37275.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 14 known issues Latest disclosed Mar 09, 2026

NextScripts: Social Networks Auto-Poster Vulnerabilities

Q: How many NextScripts: Social Networks Auto-Poster vulnerabilities have patch guidance?

14 of 14 tracked NextScripts: Social Networks Auto-Poster records include a published patch path.

Review known vulnerability records for the WordPress plugin NextScripts: Social Networks Auto-Poster (`social-networks-auto-poster-facebook-twitter-g`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-3228, CVE-2026-27379 and CVE-2024-37275, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Mar 10, 2026

Priority CVE Quick Links

Fast paths into NextScripts: Social Networks Auto-Poster CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-2088 High 4.4.4

CVE-2024-2088 NextScripts: Social Networks Auto-Poster Sensitive Information Exposure

NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

CVE-2026-27379 High No patch listed

CVE-2026-27379 NextScripts: Social Networks Auto-Poster Vulnerability

NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection

CVE-2021-25072 Medium 4.3.25

CVE-2021-25072 NextScripts: Social Networks Auto-Poster Cross-Site Request Forgery

NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery

CVE-2026-3228 Medium 4.4.7

CVE-2026-3228 NextScripts: Social Networks Auto-Poster Stored Cross-Site Scripting

NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode

CVE-2024-37275 Medium No patch listed

CVE-2024-37275 NextScripts: Social Networks Auto-Poster Cross-Site Scripting

NextScripts <= 4.4.6 - Reflected Cross-Site Scripting

CVE-2024-1762 Medium 4.4.4

CVE-2024-1762 NextScripts: Social Networks Auto-Poster Stored Cross-Site Scripting

NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

CVE-2023-49183 Medium 4.4.3

CVE-2023-49183 NextScripts: Social Networks Auto-Poster Cross-Site Scripting

NextScripts <= 4.4.2 - Reflected Cross-Site Scripting via code

CVE-2021-24975 Medium 4.3.24

CVE-2021-24975 NextScripts: Social Networks Auto-Poster Stored Cross-Site Scripting

NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for NextScripts: Social Networks Auto-Poster so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

14 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 3 high severity findings.

Recent CVEs

CVE-2026-3228, CVE-2026-27379 and CVE-2024-37275

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-3228 Medium Patch path listed

CVE-2026-3228: NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6....

Published

Mar 09, 2026

Patch Status

4.4.7

Open CVE-2026-3228 Report

CVE-2026-27379 High No patch listed

CVE-2026-27379: NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.4.7 via deserialization of untrusted input. This m...

Published

Feb 24, 2026

Patch Status

Not published

Open CVE-2026-27379 Report

CVE-2024-37275 Medium No patch listed

CVE-2024-37275: NextScripts <= 4.4.6 - Reflected Cross-Site Scripting

The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This...

Published

Jun 27, 2024

Patch Status

Not published

Open CVE-2024-37275 Report

Known Vulnerabilities

Reports for NextScripts: Social Networks Auto-Poster

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-3228

CVE-2026-3228: NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post me...

Published

Mar 09, 2026

Patched Release

4.4.7

Affected Versions

Versions up to 4.4.6

Next Step

Update to 4.4.7 or newer if supported.

Open CVE-2026-3228 Report Open CVE Reference

Plugin High Patched: No CVE-2026-27379

CVE-2026-27379: NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.4.7 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published

Feb 24, 2026

Patched Release

Not published

Affected Versions

Versions up to 4.4.7

Next Step

Open the full report for remediation notes and references.

Open CVE-2026-27379 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-37275

CVE-2024-37275: NextScripts <= 4.4.6 - Reflected Cross-Site Scripting

The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t...

Published

Jun 27, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.4.6

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-37275 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1446

CVE-2024-1446: NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated...

Published

May 21, 2024

Patched Release

4.4.4

Affected Versions

Versions up to 4.4.3

Next Step

Update to 4.4.4 or newer if supported.

Open CVE-2024-1446 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-2088

CVE-2024-2088: NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and abov...

Published

May 21, 2024

Patched Release

4.4.4

Affected Versions

Versions up to 4.4.3

Next Step

Update to 4.4.4 or newer if supported.

Open CVE-2024-2088 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-1762

CVE-2024-1762: NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthe...

Published

May 21, 2024

Patched Release

4.4.4

Affected Versions

Versions up to 4.4.3

Next Step

Update to 4.4.4 or newer if supported.

Open CVE-2024-1762 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-49183

CVE-2023-49183: NextScripts <= 4.4.2 - Reflected Cross-Site Scripting via code

The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

Published

Nov 29, 2023

Patched Release

4.4.3

Affected Versions

Versions up to 4.4.2

Next Step

Update to 4.4.3 or newer if supported.

Open CVE-2023-49183 Report Open CVE Reference

Plugin Medium Patched: Yes

NextScripts: Social Networks Auto-Poster <= 4.3.25 - Reflected Cross-Site Scripting

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 4.3.25. This makes it possible for unauthenticated attackers...

Published

Jul 04, 2022

Patched Release

4.3.26

Affected Versions

Versions up to 4.3.25

Next Step

Update to 4.3.26 or newer if supported.

Open Full Report

Plugin Medium Patched: Yes CVE-2021-25072

CVE-2021-25072: NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack

Published

Jan 03, 2022

Patched Release

4.3.25

Affected Versions

Versions before 4.3.25

Next Step

Update to 4.3.25 or newer if supported.

Open CVE-2021-25072 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-24975

CVE-2021-24975: NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue

Published

Jan 03, 2022

Patched Release

4.3.24

Affected Versions

Versions before 4.3.24

Next Step

Update to 4.3.24 or newer if supported.

Open CVE-2021-24975 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-38356

CVE-2021-38356: NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting

The NextScripts: Social Networks Auto-Poster

Published

Nov 28, 2021

Patched Release

4.3.21

Affected Versions

Versions up to 4.3.20

Next Step

Update to 4.3.21 or newer if supported.

Open CVE-2021-38356 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2020-36831

CVE-2020-36831: NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attac...

Published

Sep 05, 2020

Patched Release

4.3.18

Affected Versions

Versions up to 4.3.17

Next Step

Update to 4.3.18 or newer if supported.

Open CVE-2020-36831 Report Open CVE Reference