25 matches found
CVE-2026-6446 My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttpgetaccounts' AJAX action. This is due to the complete absence of authorization checks no capability verification and nonce...
CVE-2026-6446 My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttpgetaccounts' AJAX action. This is due to the complete absence of authorization checks no capability verification and nonce...
WordPress plugin My Social Feeds – Social Feeds Embedder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36567
Name of the Vulnerable Software and Affected Versions My Social Feeds – Social Feeds Embedder versions prior to 1.0.5 Description The plugin is subject to sensitive information exposure via the 'ttp get accounts' AJAX action. The get accounts function lacks authorization checks and nonce...
WordPress Spotlight Social Feeds – Block, Shortcode, and Widget plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spotlight Social Media Feeds versions = 1.7.0...
WordPress My Social Feeds – Social Feeds Embedder Plugin for WP plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Teerachai Somprasong in WordPress Plugin My Social Feeds – Social Feeds Embedder Plugin for WordPress versions = 1.0.4...
CVE-2026-20147
creationtimestamp| type| source ---|---|--- 2026-04-15 16:21:38+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116409637135769540 2026-04-15 17:19:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfozrbcw2y 2026-04-15 19:12:10+00:00| seen|...
CVE-2025-13542
creationtimestamp| type| source ---|---|--- 2025-12-03 04:03:16+00:00| seen| https://infosec.exchange/users/offseq/statuses/115653646438894622 2025-12-03 04:03:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m72l7gdgjy2l 2025-12-03 07:43:10+00:00| seen|...
EUVD-2023-12440
Malicious code in bioql PyPI...
WordPress plugin Spotlight Social Feeds 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-0379
The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-26758 WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through = 1.7.1...
WordPress plugin Spotlight Social Feeds 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Spotlight Social Media Feeds versions = 1.7.1...
WordPress Plugin Spotlight Social Feeds 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Spotlight Social Feeds A...
WordPress Advanced Social Feeds Widget & Shortcode Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Social Feeds Widget & Shortcode Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0951 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 185d76acedb2 Credits...
CVE-2024-0951
CVE-2024-0951 affects the WordPress plugin Advanced Social Feeds Widget & Shortcode (versions
PT-2024-15931 · WordPress · The Advanced Social Feeds Widget & Shortcode
Name of the Vulnerable Software and Affected Versions: The Advanced Social Feeds Widget & Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...
WordPress Plugin Advanced Social Feeds Widget & Shortcode Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-0379
The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...