Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2023-05-23 | Updated: 2023-05-26
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2022-08-22 | Updated: 2022-08-25
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Max CVSS: 9.8 | EPSS Score: 0.46% | Published: 2022-07-18 | Updated: 2023-10-24
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2022-08-22 | Updated: 2022-08-25
The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Max CVSS: 4.3 | EPSS Score: 0.10% | Published: 2023-07-01 | Updated: 2023-07-07
The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button.
Max CVSS: 9.8 | EPSS Score: 0.48% | Published: 2019-08-27 | Updated: 2019-08-28
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-08-27 | Updated: 2019-08-28
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
Max CVSS: 4.3 | EPSS Score: 0.13% | Published: 2013-09-17 | Updated: 2013-09-25
8 vulnerabilities found