Vulnerabilities > 10Web > 10Web Social Post Feed > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-9607 | Cross-site Scripting vulnerability in 10Web Social Post Feed The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. | 6.1 |
| 2023-06-05 | CVE-2023-2503 | Unspecified vulnerability in 10Web Social Post Feed The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |