Lucene search
K
CatchsquareWp Social Widget

5 matches found

CVE
CVE
added 2024/03/15 12:52 p.m.71 views

CVE-2024-27189

CVE-2024-27189 affects WordPress WP Social Widget (plugin) versions up to and including 2.2.5, with a Stored XSS due to improper input neutralization during page generation. Public reports confirm the issue (WordPress plugin page and Red Hat/NVD references) and indicate a fix was released in vers...

6.5CVSS8.6AI score0.00337EPSS
CVE
CVE
added 2025/03/24 1:47 p.m.69 views

CVE-2025-30610

CVE-2025-30610 is an authenticated stored XSS in the WordPress plugin WP Social Widget. The vulnerability arises from improper neutralization of user input during web page generation, affecting WP Social Widget versions up to 2.2.6 (inclusive). Connected sources indicate this entry has not been p...

6.5CVSS7.2AI score0.00261EPSS
CVE
CVE
added 2023/01/30 8:31 p.m.57 views

CVE-2023-0074

CVE-2023-0074 concerns the WordPress plugin WP Social Widget prior to version 2.2.4, where shortcode attributes are not properly validated or escaped before being output in posts/pages. This enables stored Cross-Site Scripting (XSS) attacks by users with the contributor role or higher. The issue ...

5.4CVSS5.3AI score0.00534EPSS
CVE
CVE
added 2025/06/06 12:53 p.m.46 views

CVE-2025-49306

CVE-2025-49306 is a stored XSS in WordPress WP Social Widget due to improper input neutralization during web page generation. Affected: WP Social Widget up to version 2.3 (including). The connected sources (Wordfence WordPress vulnerability report) confirm stored XSS and affected version, but do ...

6.5CVSS5.9AI score0.00216EPSS
CVE
CVE
added 2025/09/22 6:24 p.m.10 views

CVE-2025-57981

CVE-2025-57981 is a stored cross-site scripting vulnerability in the WordPress plugin WP Social Widget. The attached description and corroborating Wordfence data identify the issue as Improper Neutralization of Input During Web Page Generation (Stored XSS) affecting WP Social Widget versions up t...

6.5CVSS5.9AI score0.00197EPSS