This page lists publicly disclosed CVE vulnerabilities affecting catchsquare wp_social_widget (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-57981 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3.1. | [email protected] | 6.5 | 0.04% | 2025-09-22 | 2026-04-23 |
| CVE-2025-49306 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3. | [email protected] | 6.5 | 0.13% | 2025-06-06 | 2026-04-23 |
| CVE-2025-30610 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.2.7. | [email protected] | 6.5 | 0.07% | 2025-03-24 | 2026-04-23 |
| CVE-2024-27189 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5. | [email protected] | 6.5 | 0.08% | 2024-03-15 | 2026-04-28 |
| CVE-2023-0074 | The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.25% | 2023-01-30 | 2025-03-27 |