
CVE-2025-25086 – WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25086
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta allows Reflected XSS. This issue affects Secret Meta: from n/a through 1.2.1. The Secret Meta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action ... • https://patchstack.com/database/wordpress/plugin/facebook-secret-meta/vulnerability/wordpress-secret-meta-plugin-1-2-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-23814 – WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23814
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CRUDLab Like Box allows Reflected XSS. This issue affects CRUDLab Like Box: from n/a through 2.0.9. The CRUDLab Like Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute ... • https://patchstack.com/database/wordpress/plugin/crudlab-facebook-like-box/vulnerability/wordpress-crudlab-like-box-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45863
https://notcve.org/view.php?id=CVE-2024-45863
27 Sep 2024 — A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. • https://www.facebook.com/security/advisories/cve-2024-45863 •

CVE-2024-45773
https://notcve.org/view.php?id=CVE-2024-45773
27 Sep 2024 — A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. • https://www.facebook.com/security/advisories/cve-2024-45773 •

CVE-2024-33695 – WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33695
26 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS. This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. The ... • https://patchstack.com/database/vulnerability/facebook-fan-page-widget/wordpress-fan-page-widget-by-themencode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-32815 – WordPress All-in-one Like Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32815
22 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS. This issue affects All-in-one Like Widget: from n/a through 2.2.7. The All-in-one Like Widge... • https://patchstack.com/database/vulnerability/all-in-one-facebook-like-widget/wordpress-all-in-one-like-widget-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-32689 – WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32689
17 Apr 2024 — Missing Authorization vulnerability in GenialSouls WP Social Comments. This issue affects WP Social Comments: from n/a through 1.7.3. The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for... • https://patchstack.com/database/vulnerability/gs-facebook-comments/wordpress-wp-social-comments-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-31379 – WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31379
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed. This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. The Smash Balloon Social Post Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.1. Thi... • https://patchstack.com/database/vulnerability/custom-facebook-feed/wordpress-smash-balloon-social-post-feed-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-31387 – WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31387
10 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. The Popup Like box – Page Plugin plugin for WordPress... • https://patchstack.com/database/vulnerability/ays-facebook-popup-likebox/wordpress-popup-likebox-plugin-3-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-30526 – WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30526
29 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed. This issue affects Easy Social Feed: from n/a through 6.5.6. The Easy Social Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-social-photos-gallery-post-feed-like-box-plugin-6-5-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •