Plugin Vulnerability Hub
Plugin | 3 known issues | Latest disclosed Jun 21, 2024

Social Media Widget Vulnerabilities

Review known vulnerability records for the WordPress plugin Social Media Widget (`social-media-widget`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-0974 and CVE-2013-1949, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 3
High or Critical: 1
Patch Coverage: 100%
Last Updated: Jul 08, 2024

Priority CVE Quick Links

Fast paths into Social Media Widget CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 2

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Social Media Widget so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 0 high severity findings.
Recent CVEs: CVE-2024-0974 and CVE-2013-1949
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Severity: Medium; Patch path listed

Social Media Widget 4.0 - Spam Link Injection

The Social Media Widget plugin for WordPress is vulnerable to Spam Link Injection in version 4.0. This is due to a hidden call to an external link which makes it possible for spam to be inje...

Published: Apr 09, 2013
Patch Status: 4.0.1

Known Vulnerabilities

Reports for Social Media Widget

Sorted by latest disclosure date so newly published issues surface first.

Type: Plugin; Severity: Medium; Patched: Yes; CVE: CVE-2024-0974
CVE-2024-0974: Social Media Widget <= 4.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting

The Social Media Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "VK URL" field in all versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admini...

Published: Jun 21, 2024
Patched Release: 4.0.9
Affected Versions: up to 4.0.8
Next Step: Update to 4.0.9 or newer if supported.

Type: Plugin; Severity: Medium; Patched: Yes
Social Media Widget 4.0 - Spam Link Injection

The Social Media Widget plugin for WordPress is vulnerable to Spam Link Injection in version 4.0. This is due to a hidden call to an external link which makes it possible for spam to be injected into the affected site.

Published: Apr 09, 2013
Patched Release: 4.0.1
Affected Versions: 4.0 only
Next Step: Update to 4.0.1 or newer if supported.

Type: Plugin; Severity: Critical; Patched: Yes; CVE: CVE-2013-1949
CVE-2013-1949: Social Media Widget <= 4.0 - Arbitrary File Upload

Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files.

Published: Apr 08, 2013
Patched Release: 4.0.1
Affected Versions: up to 4.0
Next Step: Update to 4.0.1 or newer if supported.