Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-18114

Malware in sbrugna...

8.8CVSS8.8AI score0.00649EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-1939

Malware in sbrugna...

5CVSS6.4AI score0.02374EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:17 a.m.8 views

CVE-2024-0974

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0033EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:7 p.m.4 views

CVE-2018-6357

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

8.8CVSS7AI score0.00649EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:22 a.m.7 views

CVE-2013-1949

Social Media Widget social-media-widget plugin 4.0 for WordPress contains an externally introduced modification Trojan Horse, which allows remote attackers to force the upload of arbitrary files...

5CVSS7.3AI score0.02374EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/12 7:20 a.m.5 views

WordPress Social Media Widget plugin < 4.0.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Media Widget versions 4.0.9...

4.8CVSS6.1AI score0.0033EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/12 6:15 a.m.7 views

CVE-2024-0974

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0033EPSS
Exploits1References1
NVD
NVD
added 2024/07/12 6:15 a.m.35 views

CVE-2024-0974

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.0033EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/12 6:0 a.m.17 views

CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.0033EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/12 6:0 a.m.25 views

CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.0033EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 6:0 a.m.50 views

CVE-2024-0974

CVE-2024-0974 affects the Social Media Widget WordPress plugin prior to 4.0.9. The issue is Stored XSS caused by insufficient sanitization/escaping of settings, enabling high-privilege users (e.g., admins) to inject scripts, even when unfiltered_html is disallowed (e.g., multisite). Remediation: ...

4.8CVSS4.9AI score0.0033EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/12 12:0 a.m.8 views

WordPress Social Media Widget Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media Widget Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0974 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 904528994de0 Credits Dmitrii Ignatyev...

4.8CVSS5.8AI score0.0033EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.8 views

PT-2024-15953 · WordPress · Social Media Widget

Name of the Vulnerable Software and Affected Versions: Social Media Widget WordPress plugin versions prior to 4.0.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for examp...

4.8CVSS5.3AI score0.0033EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.4 views

WordPress plugin Social Media Widget security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS6.1AI score0.0033EPSS
Exploits1References2
CNVD
CNVD
added 2018/01/30 12:0 a.m.1 views

WordPress acurax-social-media-widget plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. acurax-social-media-widget plugin is used in one of the social media links to add plug-ins. A cross-site request...

8.8CVSS6.4AI score0.00649EPSS
Exploits1References1
Prion
Prion
added 2018/01/27 5:29 p.m.10 views

Cross site request forgery (csrf)

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

6.8CVSS8.6AI score0.00649EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/01/27 5:0 p.m.30 views

CVE-2018-6357

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

8.8AI score0.00649EPSS
Exploits1References2
CVE
CVE
added 2018/01/27 5:0 p.m.52 views

CVE-2018-6357

CVE-2018-6357 affects the WordPress plugin acurax-social-media-widget (

8.8CVSS8.7AI score0.00649EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2018/01/10 12:0 a.m.28 views

WordPress Social Media Widget by Acurax 3.2.5 Plugin - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Social Media Widget by Acurax CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://www.acurax.com/ Software Link:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2018/01/10 12:0 a.m.14 views

WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery

WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery Exploit Title: Social Media Widget by Acurax CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://www.acurax.com/ Software Link:...

0.3AI score
Exploits0
Rows per page
Query Builder