Lucene search
WPScanVULNRICHMENT:CVE-2024-1219HistoryApr 17, 2024 - 5:00 a.m.
CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
2024-04-1705:00:02
WPScan
github.com
2
cve-2024-1219; easy social feed; stored xss; wordpress plugin; contributor; cross-site scripting; admin vulnerability
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:wordpress:easy_social_feed:*:*:*:*:*:*:*:*"
],
"vendor": "wordpress",
"product": "easy_social_feed",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]Related
wpvulndb
wpvulndb
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
2024-03-27 00:00:00
wpexploit
wpexploit
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
2024-03-27 00:00:00
nvd
nvd
CVE-2024-1219
2024-04-17 05:15:48
cve
cve
CVE-2024-1219
2024-04-17 05:15:48
cvelist
cvelist
CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
2024-04-17 05:00:02
wordfence
wordfence