Social Slider Widget

social_slider_widget

Vendor: Cm Wp • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10149 1Cm Wp 1Social Slider Widget Jun 9, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-0717 1Cm Wp 1Social Slider Widget Jan 13, 2026 Mar 25, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 To exploit the vulnerability, it is necessary:
CVE-2021-24196 1Cm Wp 1Social Slider Widget Nov 21, 2024 Apr 5, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being san...Show more The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitizedShow less