CVE-2021-25072: 
WordPress vulnerability analysis and mitigation

The NextScripts: Social Networks Auto-Poster WordPress plugin before version 4.3.25 was identified with a Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2021-25072. The vulnerability was discovered by Krzysztof Zając and publicly disclosed on January 3, 2022. This security issue affected the plugin's post deletion functionality (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms when deleting items in the plugin. The issue received a CVSS v3.1 score of 6.5 (MEDIUM) and is classified under CWE-352. The vulnerability can be exploited through the endpoint 'wp-admin/admin.php?page=nxssnap-reposter&item=1&action=delete' (NVD, WPScan).

When successfully exploited, this vulnerability allows attackers to trick authenticated administrators into deleting arbitrary posts from the WordPress installation without their knowledge or consent. This could lead to unauthorized content removal and potential disruption of the website's operation (WPScan).

The vulnerability was patched in version 4.3.25 of the NextScripts: Social Networks Auto-Poster plugin. Users are advised to update to this version or later to protect against this security issue (WPScan).