CVE-2026-1877 in Auto Post Scheduler Plugin信息

摘要 (英语)

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

负责

Wordfence

预定

2026-02-04

披露

2026-03-31

状态

已确认

条目

VulDB provides additional information and datapoints for this CVE:

标识符漏洞CWE可利用对策CVE
354320johnh10 Auto Post Scheduler Plugin Setting aps_options_page 跨网站脚本79未定义未定义CVE-2026-1877

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

来源

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!