Name of the Vulnerable Software and Affected Versions:

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions through 6.6.7

Description:

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The vulnerable parameters are `data-caption` and `data-linktext`.

Recommendations:

Update Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress to a version later than 6.6.7.