5 matches found
CVE-2024-27189
CVE-2024-27189 affects WordPress WP Social Widget (plugin) versions up to and including 2.2.5, with a Stored XSS due to improper input neutralization during page generation. Public reports confirm the issue (WordPress plugin page and Red Hat/NVD references) and indicate a fix was released in vers...
CVE-2025-30610
CVE-2025-30610 is an authenticated stored XSS in the WordPress plugin WP Social Widget. The vulnerability arises from improper neutralization of user input during web page generation, affecting WP Social Widget versions up to 2.2.6 (inclusive). Connected sources indicate this entry has not been p...
CVE-2023-0074
CVE-2023-0074 concerns the WordPress plugin WP Social Widget prior to version 2.2.4, where shortcode attributes are not properly validated or escaped before being output in posts/pages. This enables stored Cross-Site Scripting (XSS) attacks by users with the contributor role or higher. The issue ...
CVE-2025-49306
CVE-2025-49306 is a stored XSS in WordPress WP Social Widget due to improper input neutralization during web page generation. Affected: WP Social Widget up to version 2.3 (including). The connected sources (Wordfence WordPress vulnerability report) confirm stored XSS and affected version, but do ...
CVE-2025-57981
CVE-2025-57981 is a stored cross-site scripting vulnerability in the WordPress plugin WP Social Widget. The attached description and corroborating Wordfence data identify the issue as Improper Neutralization of Input During Web Page Generation (Stored XSS) affecting WP Social Widget versions up t...