The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ | Exploit Third Party Advisory |
Configurations
History
08 May 2025, 20:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ - Exploit, Third Party Advisory | |
| First Time |
Easysocialfeed
Easysocialfeed easy Social Feed |
|
| CPE | cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:free:wordpress:*:* |
21 Nov 2024, 08:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ - |
03 Jul 2024, 01:45
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
17 Apr 2024, 12:48
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-17 05:15
Updated : 2025-05-08 20:32
NVD link : CVE-2024-1219
Mitre link : CVE-2024-1219
CVE.ORG link : CVE-2024-1219
JSON object : View
Products Affected
easysocialfeed
- easy_social_feed
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')