6 matches found
CVE-2024-13207
The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
WordPress Widget for Social Page Feeds plugin < 6.4.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Widget for Social Page Feeds versions 6.4.2...
CVE-2024-13207
creationtimestamp| type| source ---|---|--- 2025-04-15 06:54:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11773 2025-04-15 08:38:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmtofrv2ux2a 2025-04-15 09:04:49+00:00| seen| https://t.me/cvedetector/22925...
CVE-2024-13207
The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
CVE-2024-13207
The CVE-2024-13207 entry refers to the WordPress plugin Widget for Social Page Feeds (Facebook Pagelike Widget) prior to version 6.4.2. The issue is that the plugin does not adequately sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltere...
CVE-2024-13207 Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS
The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...