Lucene search
K

25 matches found

Cvelist
Cvelist
added 2026/05/02 4:27 a.m.35 views

CVE-2026-6446 My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttpgetaccounts' AJAX action. This is due to the complete absence of authorization checks no capability verification and nonce...

5.4CVSS0.00229EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/02 4:27 a.m.6 views

CVE-2026-6446 My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttpgetaccounts' AJAX action. This is due to the complete absence of authorization checks no capability verification and nonce...

5.4CVSS5.7AI score0.00229EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.12 views

WordPress plugin My Social Feeds – Social Feeds Embedder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36567

Name of the Vulnerable Software and Affected Versions My Social Feeds – Social Feeds Embedder versions prior to 1.0.5 Description The plugin is subject to sensitive information exposure via the 'ttp get accounts' AJAX action. The get accounts function lacks authorization checks and nonce...

5.4CVSS5.7AI score0.00229EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.8 views

WordPress Spotlight Social Feeds – Block, Shortcode, and Widget plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spotlight Social Media Feeds versions = 1.7.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 12:0 a.m.9 views

WordPress My Social Feeds – Social Feeds Embedder Plugin for WP plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Teerachai Somprasong in WordPress Plugin My Social Feeds – Social Feeds Embedder Plugin for WordPress versions = 1.0.4...

5.4CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/04/15 4:21 p.m.4 views

CVE-2026-20147

creationtimestamp| type| source ---|---|--- 2026-04-15 16:21:38+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116409637135769540 2026-04-15 17:19:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfozrbcw2y 2026-04-15 19:12:10+00:00| seen|...

9.9CVSS5.5AI score0.10944EPSS
Exploits0References12
Circl
Circl
added 2025/12/03 4:3 a.m.4 views

CVE-2025-13542

creationtimestamp| type| source ---|---|--- 2025-12-03 04:03:16+00:00| seen| https://infosec.exchange/users/offseq/statuses/115653646438894622 2025-12-03 04:03:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m72l7gdgjy2l 2025-12-03 07:43:10+00:00| seen|...

9.8CVSS5.7AI score0.00322EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-12440

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00526EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.4 views

WordPress plugin Spotlight Social Feeds 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.2AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.8 views

CVE-2023-0379

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.1AI score0.00526EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/02/17 11:38 a.m.4 views

CVE-2025-26758 WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through = 1.7.1...

5.3CVSS8.5AI score0.00353EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.4 views

WordPress plugin Spotlight Social Feeds 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.9AI score0.00353EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/14 2:36 p.m.3 views

WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Spotlight Social Media Feeds versions = 1.7.1...

5.3CVSS7AI score0.00353EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.3 views

WordPress Plugin Spotlight Social Feeds 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Spotlight Social Feeds A...

4.3CVSS6.5AI score0.002EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/19 12:0 a.m.9 views

WordPress Advanced Social Feeds Widget & Shortcode Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Social Feeds Widget & Shortcode Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0951 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 185d76acedb2 Credits...

5.7AI score0.00379EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2024/03/18 7:5 p.m.78 views

CVE-2024-0951

CVE-2024-0951 affects the WordPress plugin Advanced Social Feeds Widget & Shortcode (versions

4.8CVSS7.6AI score0.00379EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-15931 · WordPress · The Advanced Social Feeds Widget & Shortcode

Name of the Vulnerable Software and Affected Versions: The Advanced Social Feeds Widget & Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...

4.8CVSS8.2AI score0.00379EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.5 views

WordPress Plugin Advanced Social Feeds Widget & Shortcode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS6AI score0.00379EPSS
Exploits2References2
OSV
OSV
added 2023/02/13 3:15 p.m.4 views

CVE-2023-0379

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00526EPSS
Exploits2References1
Rows per page
Query Builder