In yet another vulnerability that could have serious repercussions, cybersecurity researchers have discovered a cross-site scripting(XSS) bug in the NextScripts: Social Networks Auto-Poster plugin for WordPress.
The plugin is used to automatically publish posts from websites to any of the configured social media accounts in a fully automated manner.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
While explaining the bug, Gall notes that the XSS vulnerability reared its head because of a relatively obscure peculiarity of how PHP handles superglobal variables.
The vulnerability was disclosed to the plugin’s developer in August, and a patched update of the plugin was released in early October.
Wordfence suggests all users of the plugin update to its latest version to prevent abuse of their WordPress websites.