Cross-site Scripting Vulnerability in WP Social Widget by Catchsquare
CVE-2025-30610

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Social Widget
Vendor: CVE Published:; 24 March 2025

What is CVE-2025-30610?

A security vulnerability in the WP Social Widget by Catchsquare allows for stored cross-site scripting (XSS) attacks. This flaw arises from improper input neutralization during web page generation, potentially enabling attackers to inject malicious scripts that can be executed in the browser of unsuspecting users. Affected versions range from n/a through 2.2.6, exposing users to a higher risk of data theft, account compromise, and other malicious activities.

Affected Version(s)

WP Social Widget <= 2.2.6

References

https://patchstack.com/database/wordpress/plugin/wp-socia...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2025
Vulnerability Reserved
Mar 24, 2025

Credit

muhammad yudha (Patchstack Alliance)