Skip to main content

Social Slider Feed

1 CVEs product

Monthly

CVE-2026-39507 HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the Social Slider Feed WordPress plugin (versions ≤ 2.3.2, developed by ThemeIsle) allows remote attackers to inject malicious JavaScript that executes in a victim's browser after user interaction. The flaw was reported by Patchstack and tracked as EUVD-2026-36949; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Because exploitation crosses a privilege boundary (S:C) and requires only a user clicking a crafted link, it is a realistic phishing/account-takeover vector against WordPress sites running the plugin.

XSS Social Slider Feed
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the Social Slider Feed WordPress plugin (versions ≤ 2.3.2, developed by ThemeIsle) allows remote attackers to inject malicious JavaScript that executes in a victim's browser after user interaction. The flaw was reported by Patchstack and tracked as EUVD-2026-36949; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Because exploitation crosses a privilege boundary (S:C) and requires only a user clicking a crafted link, it is a realistic phishing/account-takeover vector against WordPress sites running the plugin.

XSS Social Slider Feed
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy