WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social...

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Description

Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through 2020.1.0.

Basic Information

ID CVE-2025-58846

Source Patchstack

Published Sep 5, 2025 at 13:45

Affected Product

Vendor Dejan Markovic

Product WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule

Version n/a

Affected Versions Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule n/a

CWE Classification

CWE-352

References

patchstack.com /database/wordpress/plugin/buffer-my-post/vulnerability/wordpress-wordpress-buffer-hypesocial-social-media-auto-post-social-media-auto-publish-and-schedule-plugin-2020-1-0-cross-site-request-forgery-csrf-vulnerability

{
    "lastseen": "",
    "description": "Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through 2020.1.0.",
    "published": "2025-09-05T13:45:32.601Z",
    "modified": "2025-09-05T13:45:32.601Z",
    "type": "cve",
    "title": "WordPress WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/buffer-my-post/vulnerability/wordpress-wordpress-buffer-hypesocial-social-media-auto-post-social-media-auto-publish-and-schedule-plugin-2020-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
    "id": "CVE-2025-58846",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "Dejan Markovic WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WordPress Buffer \u2013 HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule",
    "version": "n/a",
    "vendor": "Dejan Markovic",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability_CVE-2025-58846