June 12, 2024
Severity
High
Analysis Summary
CVE-2024-2088 CVSS:8.5
NextScripts: Social Networks Auto-Poster plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the 'nxs_getExpSettings' function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to extract sensitive data including social network API keys and secrets.
CVE-2023-32244 CVSS:9.8
XTemos Woodmart Core Plugin for WordPress could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32242 CVSS:9.8
XTemos Woodmart Core Plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Information Disclosure
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-2088
- CVE-2023-32244
- CVE-2023-32242
Affected Vendors
Affected Products
- NextScripts: Social Networks Auto-Poster plugin for WordPress 4.4.3
- XTemos Woodmart Core Plugin for WordPress 1.0.36
- XTemos WoodMart - Multipurpose WooCommerce Theme 1.0.36
Remediation
Upgrade to the latest version of the plugin for WordPress, available from the WordPress Plugin Directory.