| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-6067 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2025-09-06 01:47:27 | Deep Dive |
| CVE-2025-4583 | Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute | https://profiles.wordpress.org/smub/ | Smash Balloon Instagram Feed Pro | Medium | 5.4 | 2025-05-29 04:23:08 | Deep Dive |
| CVE-2023-48740 | WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability | Sajid Javed | Easy Social Feed | 中危 | - | 2024-12-09 11:30:27 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-1219 | Easy Social Feed < 6.5.6 - Contributor+ Stored XSS | Unknown | Easy Social Feed | - | - | 2024-04-17 05:00:02 | Deep Dive |
| CVE-2024-30526 | WordPress Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin <= 6.5.6 - Cross Site Request Forgery (CSRF) vulnerability | Easy Social Feed | Easy Social Feed | Medium | 4.3 | 2024-03-31 18:33:10 | Deep Dive |
| CVE-2024-30180 | WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability | Easy Social Feed | Easy Social Feed | Medium | 6.5 | 2024-03-27 11:26:38 | Deep Dive |
| CVE-2024-1214 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1278 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1213 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 5.4 | 2024-03-12 23:33:50 | Deep Dive |
| CVE-2023-6883 | Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-01-11 06:49:33 | Deep Dive |
| CVE-2022-4474 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS | Unknown | Easy Social Feed | 中危 | - | 2023-01-23 14:31:38 | Deep Dive |
| CVE-2021-25120 | Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting | Unknown | Easy Social Feed Pro | 中危 | - | 2022-04-18 17:10:26 | Deep Dive |