CVE-2024-31387 – WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31387
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. The Popup Like box – Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/ays-facebook-popup-likebox/wordpress-popup-likebox-plugin-3-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31379 – WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31379
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed. This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. The Smash Balloon Social Post Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the maybe_source_connection_data() function.
• https://patchstack.com/database/vulnerability/custom-facebook-feed/wordpress-smash-balloon-social-post-feed-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-30526 – WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30526
Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed. This issue affects Easy Social Feed: from n/a through 6.5.6. The Easy Social Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation.
• https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-social-photos-gallery-post-feed-like-box-plugin-6-5-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-30555 – WordPress Ultimate Social Comments plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS. This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through 1.4.8. The Ultimate Social Comments – Email Notification & Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/ultimate-facebook-comments/wordpress-ultimate-social-comments-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30180 – WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30180
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS. This issue affects Easy Social Feed: from n/a through 6.5.3. The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fb_appid' parameter in versions up to, and including, 6.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')