WordPress WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability

Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability discovered by Kishan Vyas in WordPress Plugin WP Social Ninja versions = 3.20.3...

CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...

CVE-2025-13007

CVE-2025-13007 is a stored XSS vulnerability in the WordPress plugin WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (versions ≤ 3.20.3). It arises from insufficient input sanitization and output escaping of externally sourced content, allowing unauthenticated attackers to in...

CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...