Leechesnutt

leechesnutt

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Slick Contact Forms

slick_contact_forms

1 CVE

Slick Social Share Buttons

slick_social_share_buttons

1 CVE

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6878 1Leechesnutt 1Slick Social Share Buttons Apr 8, 2026 Jan 11, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This...Show more The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.Show less
CVE-2023-5468 1Leechesnutt 1Slick Contact Forms Apr 8, 2026 Oct 10, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on u...Show more The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-6878

1Leechesnutt

1Slick Social Share Buttons

Apr 8, 2026

Jan 11, 2024

N/A· v4

6.5 MEDIUM· v3

N/A· v2

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.Show less

CVE-2023-5468

1Leechesnutt

1Slick Contact Forms

Apr 8, 2026

Oct 10, 2023

N/A· v4

5.4 MEDIUM· v3

N/A· v2

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less