Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-4085	Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute	maltathemes	Easy Social Photos Gallery – MIF	Medium	6.4	2026-04-22 07:45:39	Deep Dive
CVE-2025-53235	WordPress Easy Social plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability	osuthorpe	Easy Social	High	7.1	2025-12-31 20:11:26	Deep Dive
CVE-2025-64198	WordPress Easy Social Share Buttons plugin < 10.7.1 - Cross Site Scripting (XSS) vulnerability	appscreo	Easy Social Share Buttons	高危	-	2025-11-06 15:56:09	Deep Dive
CVE-2025-6067	Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	sjaved	Easy Social Feed – Social Photos Gallery and Post Feed for WordPress	Medium	6.4	2025-09-06 01:47:27	Deep Dive
CVE-2025-4583	Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute	https://profiles.wordpress.org/smub/	Smash Balloon Instagram Feed Pro	Medium	5.4	2025-05-29 04:23:08	Deep Dive
CVE-2023-33998	WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability	CyberNetikz	Easy Social Icons	Medium	4.3	2024-12-13 14:23:34	Deep Dive
CVE-2023-48740	WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability	Sajid Javed	Easy Social Feed	中危	-	2024-12-09 11:30:27	Deep Dive
CVE-2024-5020	Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library	extendthemes	Colibri Page Builder	Medium	6.4	2024-12-04 08:22:47	Deep Dive
CVE-2024-51833	WordPress Easy Social Sharebar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability	nomaniplex	Easy Social Sharebar	Medium	6.5	2024-11-19 16:31:43	Deep Dive
CVE-2022-4974	Freemius SDK <= 2.4.2 - Missing Authorization Checks	dashlabsltd	YASR – Yet Another Star Rating Plugin for WordPress	Medium	6.3	2024-10-16 06:43:30	Deep Dive
CVE-2024-8729	Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting	brianbrey	Easy Social Share Buttons	Medium	6.1	2024-10-10 02:06:11	Deep Dive
CVE-2024-3113	FormFlow < 2.12.2 - Admin+ Stored XSS	Unknown	FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection	-	-	2024-07-30 06:00:06	Deep Dive
CVE-2024-31307	WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability	appscreo	Easy Social Share Buttons	Medium	6.3	2024-06-09 18:08:07	Deep Dive
CVE-2024-5224	Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	johnnash1975	Easy Social Like Box – Popup – Sidebar Widget	Medium	6.4	2024-06-06 02:03:00	Deep Dive
CVE-2024-31300	WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability	appscreo	Easy Social Share Buttons	High	8.5	2024-05-17 08:54:58	Deep Dive
CVE-2024-1219	Easy Social Feed < 6.5.6 - Contributor+ Stored XSS	Unknown	Easy Social Feed	-	-	2024-04-17 05:00:02	Deep Dive
CVE-2024-30526	WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability	Easy Social Feed	Easy Social Feed	Medium	4.3	2024-03-31 18:33:10	Deep Dive
CVE-2024-30180	WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability	Easy Social Feed	Easy Social Feed	Medium	6.5	2024-03-27 11:26:38	Deep Dive
CVE-2024-30196	WordPress Easy Social Share Buttons plugin <= 9.4 - Reflected Cross Site Scripting (XSS) vulnerability	Appscreo	Easy Social Share Buttons	High	7.1	2024-03-27 06:37:02	Deep Dive
CVE-2024-1278	Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	sjaved	Easy Social Feed – Social Photos Gallery and Post Feed for WordPress	Medium	6.4	2024-03-12 23:33:51	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List