Lucene search
WpvulndbWPVDB-ID:0E97296C-B8FD-4088-B011-EB4D1EC487E0HistoryJan 26, 2024 - 12:00 a.m.
Meks Smart Social Widget < 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
2024-01-2600:00:00
wpscan.com
8
meks smart social widget
stored cross-site scripting
wordpress
authenticated
administrator
input sanitization
output escaping
multi-site installations
unfiltered_html disabled
Description The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Related
cvelist
cvelist
CVE-2024-0664
2024-01-27 03:32:45
prion
prion
Cross site scripting
2024-01-27 04:15:00
nvd
nvd
CVE-2024-0664
2024-01-27 04:15:08
cve
cve
CVE-2024-0664
2024-01-27 04:15:08
wordfence
wordfence
AI Score
5.7
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:0E97296C-B8FD-4088-B011-EB4D1EC487E0