Lucene search
K

8 matches found

NVD
NVD
added 2025/11/25 8:15 a.m.13 views

CVE-2025-13386

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 7:28 a.m.5 views

EUVD-2025-199574

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS4.7AI score0.00236EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 7:28 a.m.20 views

CVE-2025-13386

CVE-2025-13386 affects the WordPress plugin Social Images Widget (WordPress) up to version 2.1. The issue is a missing capability check in the options_update function, enabling unauthenticated attackers to delete or modify the plugin’s settings via a forged request and social engineering (trickin...

5.3CVSS4.8AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.2 views

CVE-2025-13386 Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS4.7AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.10 views

CVE-2025-13386 Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS0.00236EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/25 12:9 a.m.5 views

WordPress Social Images Widget plugin <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Social Images Widget versions = 2.1...

5.3CVSS7AI score0.00236EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.3 views

WordPress plugin Social Images Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.7 views

PT-2025-48010

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options update' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS5.1AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder