CVE-2026-27379
Received Received - Intake
Deserialization Object Injection in NextScripts Auto-Poster

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27379
EUVD
EUVD-2026-9633
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nextscripts social-networks-auto-poster-facebook-twitter-g From 4.0.0 (inc) to 4.4.7 (inc)
nextscripts social_networks_auto_poster_facebook_twitter_g to 4.4.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27379 is a PHP Object Injection vulnerability affecting the WordPress NextScripts Plugin versions up to and including 4.4.7. It allows an attacker with contributor or developer privileges to inject malicious PHP objects into the application.

This vulnerability arises from deserialization of untrusted data, which can lead to various attacks if a suitable Property Oriented Programming (POP) chain is available.

It is classified under OWASP Top 10 A3: Injection vulnerabilities.

Impact Analysis

Exploitation of this vulnerability can lead to severe consequences including code injection, SQL injection, path traversal, denial of service, and other attacks.

Because the vulnerability allows PHP Object Injection, an attacker could potentially execute arbitrary code or manipulate the system in harmful ways.

This poses a high risk to the security and integrity of affected WordPress websites.

Compliance Impact

I don't know

Detection Guidance

There is no specific detection command or method provided in the available resources for identifying this vulnerability on your network or system.

Mitigation Strategies

Since no official patch is available as of the publication date, users are strongly advised to apply the mitigation rule issued by Patchstack immediately to block attacks exploiting this vulnerability.

Applying this mitigation can help protect your WordPress installation until an official patch is released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart