CVE-2024-6751: 
WordPress vulnerability analysis and mitigation

The Social Auto Poster WordPress plugin (versions up to and including 5.3.14) contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2024-6751. The vulnerability was discovered and disclosed by Wordfence, with the initial report published on July 23, 2024. The vulnerability affects the plugin's multiple functions due to missing or incorrect nonce validation (NVD).

The vulnerability stems from missing or incorrect nonce validation on multiple functions within the Social Auto Poster plugin. This security flaw has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. Wordfence assigned a slightly different CVSS score of 6.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD).

The vulnerability allows unauthenticated attackers to add, modify, or delete post meta and plugin options. This could potentially lead to unauthorized manipulation of the plugin's functionality and WordPress post metadata (NVD).

Users should upgrade to version 5.3.15 or later of the Social Auto Poster plugin to address this vulnerability. The fix was implemented in the newer version that addresses the CSRF vulnerability by properly implementing nonce validation (CodeCanyon).