Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Acurax Subscribe
Filtered by product Social Media Widget
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6357 1 Acurax 1 Social Media Widget 2024-02-04 6.8 MEDIUM 8.8 HIGH
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.