CVE-2024-0973

2024-03-1819:15:06

[email protected]

web.nvd.nist.gov

cve-2024-0973

widget

social

page

feeds

wordpress

plugin

stored xss

vulnerability

nvd

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected configurations

Vulners

Node

rebelcodespotlight_social_feedsRange<6.4

VendorProductVersionCPE
rebelcodespotlight_social_feeds*cpe:2.3:a:rebelcode:spotlight_social_feeds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rebelcode	spotlight_social_feeds	*	cpe:2.3:a:rebelcode:spotlight_social_feeds::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Widget for Social Page Feeds",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]