The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 2 live websites that are affected by CVE-2024-0974.
Product | Social Media Widget |
Category | Wordpress Plugins |
Vulnerable Domains | 2 live websites (18.18% of Social Media Widget install base) |
Vulnerable Versions |
|
Vulnerable Versions Count | 2 versions ( 20.00% of all versions) |
United States | 2 websites |
.com | 2 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
*********.com | United States | **,***,*** | |
***********.com | United States | **,***,*** |
FAQ