Social Likebox & Feed Security Vulnerabilities
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
7AI Score
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
7AI Score
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers,....
6.4CVSS
6.4AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers,....
6.4CVSS
6.2AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers,....
6.4CVSS
6.3AI Score
0.0004EPSS
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through...
5.3CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
7.9AI Score
0.0004EPSS
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
5.6AI Score
0.0004EPSS
CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
5.8AI Score
0.0004EPSS
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for...
6.4CVSS
6.5AI Score
0.0004EPSS
Smash Balloon Social Post Feed < 4.2.2 - Facebook Token Reset/Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the maybe_source_connection_data() function, allowing attacker to reset and set an arbitrary Facebook Token via a CSRF...
4.3CVSS
4.8AI Score
0.0004EPSS
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
7.2CVSS
7.1AI Score
0.0004EPSS
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
7.2CVSS
7AI Score
0.0004EPSS
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
7.2CVSS
7.3AI Score
0.0004EPSS
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
7.2CVSS
7.3AI Score
0.0004EPSS
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
7AI Score
Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
7.2CVSS
7.3AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through...
7.6CVSS
7.9AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through...
5.5CVSS
5.5AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through...
5.5CVSS
5.5AI Score
0.0004EPSS
CVE-2023-52144 WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through...
5.5CVSS
5.8AI Score
0.0004EPSS
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.3AI Score
0.0004EPSS
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.3AI Score
0.0004EPSS
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.5AI Score
0.0004EPSS
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.6AI Score
0.0004EPSS
Description The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with...
4.3CVSS
6.5AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
6.6AI Score
0.0004EPSS
CVE-2024-31387 WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through...
7.2CVSS
7.6AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through...
7.2CVSS
7.2AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on....
6.4CVSS
5.7AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on....
6.4CVSS
6.1AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on....
6.4CVSS
5.8AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on....
6.4CVSS
5.8AI Score
0.0004EPSS
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output....
6.4CVSS
5.9AI Score
0.0004EPSS
Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a....
2.6CVSS
3.5AI Score
0.0004EPSS