Vulnerabilities and security researches forwp-social-widget wp-social-widget

Jun 15, 2025

CVE, Research URL: CVE-2025-49306
Home page URL: Security reports for WP Social Widget
Application: WP Social Widget
Date: Jun 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3.
Affected versions: Min -, max -.
Status: vulnerable

Mar 26, 2025

CVE, Research URL: CVE-2025-30610
Home page URL: Security reports for WP Social Widget
Application: WP Social Widget
Date: Mar 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.6.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-0074
Home page URL: Security reports for WP Social Widget
Application: WP Social Widget
Date: Jan 31, 2023
Research Description: The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-27189
Home page URL: Security reports for WP Social Widget
Application: WP Social Widget
Date: Mar 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5.
Affected versions: Min -, max -.
Status: vulnerable