13757 matches found
Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting
Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...
Sassy Social Share <= 3.3.3 - Cross-Site Scripting
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure
Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...
CVE-2026-11563 Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal
The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...
CVE-2026-58408
creationtimestamp| type| source ---|---|--- 2026-07-13 21:48:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkoajc22s2k...
CVE-2026-55771
creationtimestamp| type| source ---|---|--- 2026-07-13 21:01:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqkllprtr22c 2026-07-13 22:25:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkqcx5wqd2e...
CVE-2026-57812
creationtimestamp| type| source ---|---|--- 2026-07-13 19:44:59+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkhdomdzp2a 2026-07-14 02:30:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql5yuredv2f...
CVE-2026-59523
creationtimestamp| type| source ---|---|--- 2026-07-13 11:57:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjn72rpzm2d 2026-07-13 12:45:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjpwgtxo52e 2026-07-14 01:51:23+00:00| seen|...
CVE-2026-57719
creationtimestamp| type| source ---|---|--- 2026-07-13 11:20:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjl4ur7zb2b 2026-07-13 11:23:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjlchorxn24 2026-07-13 11:29:15+00:00| seen|...
CVE-2026-13014
creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkhfcdhy2v 2026-07-13 18:49:30+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkeahv4nr2e...
CVE-2026-57382
creationtimestamp| type| source ---|---|--- 2026-07-13 10:59:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjjyrrtyy2x...
CVE-2026-57714
creationtimestamp| type| source ---|---|--- 2026-07-13 10:56:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjrvbgcs2g 2026-07-13 11:11:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjknmwz7j2a 2026-07-13 11:20:04+00:00| seen|...
Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...
CVE-2026-15525
creationtimestamp| type| source ---|---|--- 2026-07-13 03:27:16+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqiqpff55b2f 2026-07-13 03:50:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqirzi2wsg27 2026-07-13 21:03:53+00:00| seen|...
CVE-2026-15520
creationtimestamp| type| source ---|---|--- 2026-07-13 02:27:47+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqinf24bau2a 2026-07-13 03:54:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqisa6y6cx2q...