3 matches found
CVE-2025-13896
creationtimestamp| type| source ---|---|--- 2025-12-06 09:34:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7cp57v2ea2q...
CVE-2025-13896 Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the igp-wp shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Social Feed Gallery Portfolio plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Social Feed Gallery Portfolio versions = 1.3...