CVE-2024-24710 – WordPress Feed Them Social plugin <= 4.2.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24710
31 Jan 2024 — Missing Authorization vulnerability in SlickRemix Feed Them Social. This issue affects Feed Them Social: from n/a through 4.2.0. The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'review_nag_chec... • https://patchstack.com/database/vulnerability/feed-them-social/wordpress-feed-them-social-plugin-4-2-0-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-25056 – WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25056
21 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. The Feed Them Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on the following functions: fts_maybe_set_transient, fts_check_nag_get, feed_them_settings, social_follow_button, fts_facebook_page_form, fts_twitter_form, fts_instagram_form, fts_youtube_form, and fts_pinterest_form. This make... • https://patchstack.com/database/vulnerability/feed-them-social/wordpress-feed-them-social-for-twitter-feed-youtube-and-more-plugin-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2942 – Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update
https://notcve.org/view.php?id=CVE-2022-2942
14 Nov 2022 — The Feed Them Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.9. This is due to missing or incorrect nonce validation on various functions such as fts_instagram_token_ajax(). This makes it possible for unauthenticated attackers to trigger settings updates via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2940 – Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2940
14 Nov 2022 — The Feed Them Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘access_token’ parameter in the function fts_instagram_token_ajax in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, subscriber and above, to inject arbitrary web scripts stored in the plugin options. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2532 – Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2532
26 Jul 2022 — The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The Feed Them Social plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘access_token’ parameter in the funct... • https://wpscan.com/vulnerability/07278b12-58e6-4230-b2fb-19237e9785d8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2383 – Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2383
12 Jul 2022 — The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The Feed Them Social plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘expires_in’ parameter in versions up t... • https://wpscan.com/vulnerability/4a3b3023-e740-411c-a77c-6477b80d7531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2437 – Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2437
12 Jul 2022 — The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a f... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail= • CWE-502: Deserialization of Untrusted Data •
CVE-2020-36739 – Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36739
16 Sep 2020 — The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-9350 – Feed Them Social <= 1.6.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9350
02 Feb 2015 — The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. • https://wordpress.org/plugins/feed-them-social/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9351 – Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2015-9351
02 Feb 2015 — The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. • https://wordpress.org/plugins/feed-them-social/#developers • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •