31 matches found
CVE-2025-14726
The CVE concerns the Widgets for Social Photo Feed plugin for WordPress. All versions up to 1.8 expose two REST API endpoints—/trustindex_feed_hook_instagram/troubleshooting and /trustindex_feed_hook_instagram/submit-data—without a required capability check, enabling unauthenticated access and mo...
CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...
PT-2026-36564
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex feed hook instagram/troubleshooting' and '/trustindex feed hook instagram/submit-data' REST API endpoints in all...
CVE-2025-68595
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through = 1.8...
CVE-2025-68595
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through = 1.8...
CVE-2025-68595
CVE-2025-68595 refers to a Missing Authorization vulnerability in the WordPress plugin Widgets for Social Photo Feed (also known as Widgets for Social Photo Feed: social-photo-feed-widget). The initial document lists affected versions as up to 1.7.7 and notes that exploitation arises from Incorre...
PT-2025-53283
Name of the Vulnerable Software and Affected Versions Trustindex Widgets for Social Photo Feed versions through 1.7.7 Description An authorization issue exists in Trustindex Widgets for Social Photo Feed. The issue involves incorrectly configured access control security levels, potentially allowi...
WordPress Widgets For Google Reviews Cross-Site Scripting Vulnerability
WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...
CVE-2025-9436
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436
CVE-2025-9436 affects the WordPress plugin “Widgets for Google Reviews” (trustindex shortcode). All versions up to 13.2.1 are vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated acces...
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-202662
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions = 13.2.1...
PT-2025-50575
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Widgets for Google Reviews 跨站脚本漏洞
WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...
EUVD-2024-23226
Malicious code in bioql PyPI...
EUVD-2025-31204
Malicious code in bioql PyPI...
EUVD-2023-52342
Malicious code in bioql PyPI...