CVE-2024-1219

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1219

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

T

he Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

References
Link Resource
https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:free:wordpress:*:*
History

08 May 2025, 20:32

Type Values Removed Values Added
First Time Easysocialfeed
Easysocialfeed easy Social Feed
CPE cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:free:wordpress:*:*
References () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ - () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ - Exploit, Third Party Advisory

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ - () https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/ -

03 Jul 2024, 01:45

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
Information

Published : 2024-04-17 05:15

Updated : 2025-05-08 20:32

NVD link : CVE-2024-1219

Mitre link : CVE-2024-1219

CVE.ORG link : CVE-2024-1219

JSON object : View

Products Affected

easysocialfeed

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')