Browse all 3 CVE security advisories affecting WP Socio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Socio is a WordPress plugin designed to integrate social media feeds and sharing functionality into websites. Historically, the plugin has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and sanitization. The plugin has accumulated three CVE records to date, with vulnerabilities primarily affecting authenticated users and sometimes allowing privilege escalation. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in its history indicates a need for careful implementation and regular updates by users to maintain secure website environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23807 | WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability — WP Telegram Widget and Join LinkCWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2025-68589 | WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability — WP Telegram Widget and Join LinkCWE-862 | 5.3 | Medium | 2025-12-24 |
| CVE-2024-43309 | WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability — WP Telegram Widget and Join LinkCWE-79 | 6.5 | Medium | 2024-08-18 |
This page lists every published CVE security advisory associated with WP Socio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.