Medium severity6.4NVD Advisory· Published Oct 10, 2024· Updated Jun 17, 2026
CVE-2024-9057
CVE-2024-9057
Description
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:curator:curator.io:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:curator:curator.io:*:*:*:*:*:wordpress:*:*range: <=1.9
- (no CPE)range: <=1.9.1
Patches
Vulnerability mechanics
References
4- www.wordfence.com/threat-intel/vulnerabilities/id/953d64f2-a514-48e9-9ab3-f9a793ad953anvdThird Party Advisory
- wordpress.org/plugins/curatorio/nvdProductRelease Notes
- plugins.trac.wordpress.org/changesetnvd
- plugins.trac.wordpress.org/changesetnvd
News mentions
0No linked articles in our index yet.