WordPress Plugin Vulnerabilities

Social Media Widget by Acurax <= 3.2.5 - Stored XSS & CSRF

Description

The Social Media Widget by Acurax WordPress plugin was affected by a Stored XSS & CSRF security vulnerability.

Affects Plugins

Plugin icon
acurax-social-media-widget
Fixed in 3.2.6

References

CVE
CVE-2018-6357
URL
http://lists.openwall.net/full-disclosure/2018/01/10/8
URL
https://plugins.trac.wordpress.org/changeset/1798382/acurax-social-media-widget

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
34a25a1c-299e-49ce-a079-9409511dff67

Timeline

Publicly Published
2018-01-07 (about 8 years ago)
Added
2018-01-29 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-10-01
Title
Refraction Theme Multiple Vulnerabilities (XSS, FPD)
Published
2016-06-20
Title
Jetpack <= 4.0.3 - Multiple Vulnerabilities
Published
2016-04-17
Title
leenk.me < 2.6.0 - XSS & CSRF
Published
2014-08-01
Title
RokIntroScroller <= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities
Published
2015-07-02
Title
WordPress File Upload < 3.0.0 - Multiple Vulnerabilities