Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.4 views

CVE-2024-10149

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/17 12:19 a.m.6 views

WordPress Social Slider Feed plugin < 2.2.9 - Admin+ Stored XSS via Widgets vulnerability

Admin+ Stored XSS via Widgets vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Slider Feed versions 2.2.9...

4.8CVSS5.9AI score0.00266EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/15 8:6 p.m.27 views

CVE-2024-10149

The CVE-2024-10149 entry concerns the WordPress Social Slider Feed plugin prior to version 2.2.9. The root cause is that certain settings are not properly sanitized or escaped, enabling Stored XSS by high‑privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in m...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.12 views

CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.5 views

CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
Rows per page
Query Builder