2 matches found
CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress Easy Social Feed Plugin < 6.5.6 is vulnerable to Cross Site Scripting (XSS)
Software Easy Social Feed Type Plugin Vulnerable versions 6.5.6 Fixed in 6.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1219 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 44698f6b2049 Credits Dmitrii Ignatyev Required...