### Vulnerability Overview

- **Vulnerability Name**: Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed
- **Vulnerability Type**: Stored Cross-Site Scripting
- **CVSS Score**: 6.4
- **Description**: The Social Post Embed plugin for WordPress, versions 2.0.1 and below, contains a stored cross-site scripting vulnerability. This issue arises from insufficient input sanitization and output escaping of user-supplied URLs. As a result, authenticated attackers with Contributor-level privileges or higher can exploit this vulnerability.

### Impact Scope

- **Affected Versions**: <= 2.0.1
- **Affected Software**: Social Post Embed plugin
- **Affected Platform**: WordPress

### Remediation

- **Fixed Version**: 2.0.2
- **Recommended Action**: Upgrade to version 2.0.2 or later to remediate this vulnerability.

### Additional Information

- **Last Updated**: April 28, 2026
- **Researcher**: Issu
- **Related Links**:
  - [plugins.trac.wordpress.org](https://plugins.trac.wordpress.org/)

### Disclaimer

- This record contains copyrighted material owned by Defiant Inc. and The MITRE Corporation.
---

**Note**: No specific POC code or exploitation code is provided on the page.