NextScripts: Social Networks Auto-Poster Security & Risk Analysis

wordpress.org/plugins/social-networks-auto-poster-facebook-twitter-g

Automatically publishes blogposts to profiles/pages/groups on Twitter, Google+, Pinterest, LinkedIn, Blogger, Tumblr ... 22 more

30K active installs · v4.4.7 · PHP + WP 6.0+ · Updated Feb 26, 2026
Tags: autopost, repost, sharing, social-media, social-networks
Score: 40 · D · High Risk
CVEs total: 14
Unpatched: 2
Last CVE: Mar 9, 2026

Safety Verdict

Is NextScripts: Social Networks Auto-Poster Safe to Use in 2026?

High Risk

Score 40/100

NextScripts: Social Networks Auto-Poster carries significant security risk with 14 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

14 known CVEs · 2 unpatched · Last CVE: Mar 9, 2026 · Updated 2mo ago

Risk Assessment

The plugin "social-networks-auto-poster-facebook-twitter-g" version 4.4.7 presents a mixed security posture with several areas of concern that outweigh its strengths. While it utilizes prepared statements for SQL queries and a significant portion of its output is properly escaped, the presence of unprotected AJAX handlers and dangerous functions like `create_function` and `unserialize` indicates potential vulnerabilities. The history of 14 CVEs, with 2 currently unpatched and a prevalence of high and medium severity issues including Deserialization of Untrusted Data, CSRF, and Improper Access Control, strongly suggests a pattern of recurring security weaknesses.

The static analysis reveals an attack surface with 7 AJAX handlers, all 7 of which lack authentication checks, posing a significant risk of unauthorized actions. The use of dangerous functions like `unserialize` on user-supplied data without proper sanitization is a critical concern, potentially leading to deserialization vulnerabilities. Furthermore, the taint analysis shows a high number of flows with unsanitized paths (37). Although no critical or high severity flows were explicitly identified in this analysis, the sheer volume suggests a potential for overlooked vulnerabilities.

In conclusion, despite some good security practices in place, the significant number of unprotected entry points, the presence of dangerous functions, and the extensive history of vulnerabilities, particularly those related to deserialization and access control, indicate a substantial risk. The plugin requires immediate attention to address unpatched vulnerabilities and to implement robust authentication and input sanitization for all entry points, especially AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous functions present (unserialize, create_function)
  • Unpatched CVEs
  • High number of unsanitized taint flows
  • High severity vulnerability history (3 high)
Vulnerabilities
14 published

NextScripts: Social Networks Auto-Poster Security Vulnerabilities

CVEs by Year

2015: 1 CVE
2019: 1 CVE
2020: 1 CVE
2021: 1 CVE
2022: 3 CVEs
2023: 1 CVE
2024: 4 CVEs · unpatched
2026: 2 CVEs · unpatched

Severity Breakdown

High: 3
Medium: 11

14 total CVEs

CVE-2026-3228 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode

Mar 9, 2026 · Patched in 4.4.7 (1d)

CVE-2026-27379 · high · 7.5 · Deserialization of Untrusted Data

NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection

Feb 24, 2026 · Unpatched

CVE-2024-37275 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts <= 4.4.6 - Reflected Cross-Site Scripting

Jun 27, 2024 · Unpatched

CVE-2024-1446 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

May 21, 2024 · Patched in 4.4.4 (1d)

CVE-2024-2088 · high · 8.5 · Exposure of Sensitive Information Through Data Queries

NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

May 21, 2024 · Patched in 4.4.4 (1d)

CVE-2024-1762 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

May 21, 2024 · Patched in 4.4.4 (1d)

CVE-2023-49183 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts <= 4.4.2 - Reflected Cross-Site Scripting via code

Nov 29, 2023 · Patched in 4.4.3 (55d)

WF-752caefe-7e87-4d4f-89e0-fbd28e4076c4-social-networks-auto-poster-facebook-twitter-g · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.3.25 - Reflected Cross-Site Scripting

Jul 4, 2022 · Patched in 4.3.26 (568d)

CVE-2021-24975 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting

Jan 3, 2022 · Patched in 4.3.24 (750d)

CVE-2021-25072 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery

Jan 3, 2022 · Patched in 4.3.25 (750d)

CVE-2021-38356 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting

Nov 28, 2021 · Patched in 4.3.21 (785d)

CVE-2020-36831 · medium · 5 · Improper Access Control

NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization

Sep 5, 2020 · Patched in 4.3.18 (1502d)

CVE-2019-9911 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 4.2.7 - Reflected Cross-Site Scripting

Feb 5, 2019 · Patched in 4.2.8 (1813d)

WF-9d2df49d-0276-403d-9fe8-00fdf7262818-social-networks-auto-poster-facebook-twitter-g · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NextScripts: Social Networks Auto-Poster <= 3.4.17 - Stored Cross-Site Scripting

May 25, 2015 · Patched in 3.4.18 (3165d)

Code Analysis
Analyzed Mar 16, 2026

NextScripts: Social Networks Auto-Poster Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (81 prepared)
Unescaped Output: 523 (2299 escaped)
Nonce Checks: 12
Capability Checks: 49
File Operations: 13
External Requests: 10
Bundled Libraries: 0

Dangerous Functions Found

create_function · inc\nxs_class_flt.php:268 · $pval['rpstCustTD'] = array_filter($pval['rpstCustTD'], create_function('$value', 'global $nxs_cTime
unserialize · inc\nxs_functions.php:181 · $rq = new nxsHttp; $ret = $rq->request('http://ip-api.com/php/'.$ip['ip'].'?fields=countryCode,regio
create_function · inc\nxs_functions_engine.php:290 · $rpstrOpts['rpstCustTD'] = array_filter($rpstrOpts['rpstCustTD'], create_function('$value', 'global
unserialize · inc\nxs_functions_engine.php:301 · $post = unserialize($row['extInfo']); $arrOut = nxs_postFromForm($post, $networks, true); $wpdb->d

SQL Query Safety

100% prepared · 81 total queries

Output Escaping

81% escaped · 2822 total outputs

Data Flows · Security
37 unsanitized

Data Flow Analysis

25 flows · 37 with unsanitized paths
nxs_snapAjax (inc\nxs_functions_adv.php:2)
Attack Surface
7 unprotected

NextScripts: Social Networks Auto-Poster Attack Surface

Entry Points: 11
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax__ajax_fetch_custom_list · inc\nxs_class_snap.php:1671
auth · wp_ajax_nxsDoLic · inc\nxs_functions_wp.php:342
auth · wp_ajax_nxs_saveSiteSets · NextScripts_SNAP.php:49
auth · wp_ajax_nxs_getExpSettings · NextScripts_SNAP.php:59
auth · wp_ajax_nxs_clLgo · NextScripts_SNAP.php:61
auth · wp_ajax_nxs_rfLgo · NextScripts_SNAP.php:62
auth · wp_ajax_nxs_snap_aj · NextScripts_SNAP.php:64

Shortcodes 4

[nxs_postedlinks] inc\nxs_functions_adv.php:470
[nxs-ntinsrlist] inc\nxs_functions_adv.php:481
[nxs_fbembed] inc-cl\fb.php:589
[nxs_links] NextScripts_SNAP.php:78

WordPress Hooks 49

action · admin_head · inc\nxs_class_flt.php:13
action · admin_enqueue_scripts · inc\nxs_class_flt.php:14
filter · pre_get_posts · inc\nxs_class_flt.php:896
filter · posts_where · inc\nxs_class_flt.php:1113
action · http_api_curl · inc\nxs_class_http.php:26
action · admin_menu · inc\nxs_class_mgmt.php:13
action · admin_enqueue_scripts · inc\nxs_class_mgmt.php:91
action · network_admin_menu · inc\nxs_class_snap.php:13
action · admin_notices · inc\nxs_class_snap.php:75
action · admin_enqueue_scripts · inc\nxs_class_snap.php:92
action · wp_head · inc\nxs_class_snap.php:93
action · admin_enqueue_scripts · inc\nxs_class_snap.php:178
action · admin_menu · inc\nxs_class_snap.php:1833
action · admin_footer · inc\nxs_class_snap.php:1836
action · wp_loaded · inc\nxs_functions_engine.php:315
action · admin_notices · inc\nxs_functions_wp.php:5
filter · plugin_row_meta · inc\nxs_functions_wp.php:8
filter · plugin_action_links · inc\nxs_functions_wp.php:8
filter · plugin_action_links · inc\nxs_functions_wp.php:27
filter · plugin_row_meta · inc\nxs_functions_wp.php:49
action · admin_bar_menu · inc\nxs_functions_wp.php:161
action · wp_head · inc\nxs_functions_wp.php:174
action · wp_footer · inc\nxs_functions_wp.php:174
action · admin_head · inc\nxs_functions_wp.php:344
action · add_meta_boxes · inc\nxs_functions_wp.php:347
action · admin_footer · inc\nxs_functions_wp.php:353
action · bp_activity_posted_update · inc\nxs_functions_wp.php:836
filter · get_avatar · inc\nxs_functions_wp.php:993
filter · wp_http_cookie_value · inc-cl\wl.php:191
filter · register_post_type_args · inc-cl\wp.api.php:5
action · init · NextScripts_SNAP.php:29
action · edit_post · NextScripts_SNAP.php:33
action · publish_post · NextScripts_SNAP.php:34
action · save_post · NextScripts_SNAP.php:35
action · wp_head · NextScripts_SNAP.php:41
action · shutdown · NextScripts_SNAP.php:42
filter · wpmu_blogs_columns · NextScripts_SNAP.php:45
action · manage_blogs_custom_column · NextScripts_SNAP.php:46
action · manage_sites_custom_column · NextScripts_SNAP.php:47
action · admin_footer · NextScripts_SNAP.php:48
action · transition_post_status · NextScripts_SNAP.php:52
action · admin_head · NextScripts_SNAP.php:55
action · admin_enqueue_scripts · NextScripts_SNAP.php:56
action · admin_init · NextScripts_SNAP.php:57
action · in_admin_header · NextScripts_SNAP.php:58
filter · cron_schedules · NextScripts_SNAP.php:66
action · nxs_querypost_event · NextScripts_SNAP.php:67
action · nxs_hourly_event · NextScripts_SNAP.php:68
action · wp_loaded · NextScripts_SNAP.php:69

Scheduled Events 2

nxs_hourly_event
nxs_querypost_event
Maintenance & Trust

NextScripts: Social Networks Auto-Poster Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version
Downloads: 7.4M

Community Trust

Rating: 66/100
Number of ratings: 617
Active installs: 30K
Developer Profile

NextScripts: Social Networks Auto-Poster Developer Profile

NextScripts

1 plugin · 30K total installs

Trust score: 37
Avg Security Score: 40/100
Avg Patch Time: 783 days
Detection Fingerprints

How We Detect NextScripts: Social Networks Auto-Poster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/inc-cl/
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/img/
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js/
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/css/
Script Paths
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js/nxssnap-admin.js
/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js/nxssnap-common.js
Version Parameters
social-networks-auto-poster-facebook-twitter-g/js/nxssnap-admin.js?ver=
social-networks-auto-poster-facebook-twitter-g/js/nxssnap-common.js?ver=

HTML / DOM Fingerprints

CSS Classes
nxs_snap_body
nxssnap_wrap
HTML Comments
<!-- NextScripts: Social Networks Auto-Poster -->
<!-- V5 Beta -->
Data Attributes
data-snap-id
data-snap-post-id
JS Globals
window.nxs_SNAP_URL
window.nxs_SNAP_AJAX_URL
window.nxssnap_admin_obj
REST Endpoints
/wp-json/nxs/v1/settings
/wp-json/nxs/v1/accounts
/wp-json/nxs/v1/posts
Shortcode Output
[nxs_links]