Wp Telegram Widget And Join Link
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WP Telegram Widget and Join Link WordPress plugin (versions up to 2.2.13) that allows attackers to inject malicious JavaScript code into web pages viewed by other users. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and affects all installations of this plugin running the vulnerable versions. An attacker can craft a malicious URL containing JavaScript payloads that, when clicked by a victim, executes arbitrary code in the victim's browser within the context of the WordPress site, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or KEV status has been published, but Patchstack has documented this vulnerability with a public reference.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.1.27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WP Telegram Widget and Join Link WordPress plugin (versions up to 2.2.13) that allows attackers to inject malicious JavaScript code into web pages viewed by other users. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and affects all installations of this plugin running the vulnerable versions. An attacker can craft a malicious URL containing JavaScript payloads that, when clicked by a victim, executes arbitrary code in the victim's browser within the context of the WordPress site, potentially leading to session hijacking, credential theft, or malware distribution. No CVSS score, EPSS data, or KEV status has been published, but Patchstack has documented this vulnerability with a public reference.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.1.27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.