25 matches found
EUVD-2018-18114
Malware in sbrugna...
EUVD-2013-1939
Malware in sbrugna...
CVE-2024-0974
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2018-6357
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
CVE-2013-1949
Social Media Widget social-media-widget plugin 4.0 for WordPress contains an externally introduced modification Trojan Horse, which allows remote attackers to force the upload of arbitrary files...
WordPress Social Media Widget plugin < 4.0.9 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Media Widget versions 4.0.9...
CVE-2024-0974
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0974
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0974
CVE-2024-0974 affects the Social Media Widget WordPress plugin prior to 4.0.9. The issue is Stored XSS caused by insufficient sanitization/escaping of settings, enabling high-privilege users (e.g., admins) to inject scripts, even when unfiltered_html is disallowed (e.g., multisite). Remediation: ...
WordPress Social Media Widget Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Social Media Widget Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0974 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 904528994de0 Credits Dmitrii Ignatyev...
PT-2024-15953 · WordPress · Social Media Widget
Name of the Vulnerable Software and Affected Versions: Social Media Widget WordPress plugin versions prior to 4.0.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for examp...
WordPress plugin Social Media Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress acurax-social-media-widget plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. acurax-social-media-widget plugin is used in one of the social media links to add plug-ins. A cross-site request...
Cross site request forgery (csrf)
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
CVE-2018-6357
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
CVE-2018-6357
CVE-2018-6357 affects the WordPress plugin acurax-social-media-widget (
WordPress Social Media Widget by Acurax 3.2.5 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Social Media Widget by Acurax CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://www.acurax.com/ Software Link:...
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery Exploit Title: Social Media Widget by Acurax CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://www.acurax.com/ Software Link:...