VYPR

Social Icons Widget & Block

by WordPress

CVEs (2)

  • CVE-2026-4063MedMar 13, 2026
    risk 0.28cvss 4.3epss 0.00

    The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing…

  • CVE-2024-2189May 21, 2024
    risk 0.00cvss epss 0.00

    The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…