VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Sep 22, 2025

WP Social Widget Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Social Widget (`wp-social-widget`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-57981, CVE-2025-49306 and CVE-2025-30610, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
0
Patch Coverage
100%
Last Updated
Sep 26, 2025
Priority CVE Quick Links

Fast paths into WP Social Widget CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2025-57981 Medium No patch listed
CVE-2025-57981 WP Social Widget Stored Cross-Site Scripting

WP Social Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-49306 Medium 2.3.1
CVE-2025-49306 WP Social Widget Stored Cross-Site Scripting

WP Social Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-30610 Medium 2.2.7
CVE-2025-30610 WP Social Widget Stored Cross-Site Scripting

WP Social Widget <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-27189 Medium 2.2.6
CVE-2024-27189 WP Social Widget Stored Cross-Site Scripting

WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE-2023-0074 Medium 2.2.4
CVE-2023-0074 WP Social Widget Stored Cross-Site Scripting

WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Social Widget so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-57981, CVE-2025-49306 and CVE-2025-30610
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WP Social Widget

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-57981
CVE-2025-57981: WP Social Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

Published
Sep 22, 2025
Patched Release
Not published
Affected Versions
Versions up to 2.3.1
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-57981 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-49306
CVE-2025-49306: WP Social Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published
Jun 05, 2025
Patched Release
2.3.1
Affected Versions
Versions up to 2.3
Next Step
Update to 2.3.1 or newer if supported.
Open CVE-2025-49306 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-30610
CVE-2025-30610: WP Social Widget <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

Published
Mar 24, 2025
Patched Release
2.2.7
Affected Versions
Versions up to 2.2.6
Next Step
Update to 2.2.7 or newer if supported.
Open CVE-2025-30610 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-27189
CVE-2024-27189: WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

Published
Feb 28, 2024
Patched Release
2.2.6
Affected Versions
Versions up to 2.2.5
Next Step
Update to 2.2.6 or newer if supported.
Open CVE-2024-27189 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-0074
CVE-2023-0074: WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica...

Published
Jan 06, 2023
Patched Release
2.2.4
Affected Versions
Versions up to 2.2.3
Next Step
Update to 2.2.4 or newer if supported.
Open CVE-2023-0074 Report Open CVE Reference