Sign in Get started

← All vendors

Vendor

Leechesnutt

Sign in to watch

Products

2

CVEs

2

Across products

2

Status

Private

Products

2

Slick Contact Forms
1 CVE
Slick Social Share Buttons
1 CVE

Recent CVEs

2

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2023-6878	Hig	0.57	8.8	0.00		Jan 11, 2024	The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.
CVE-2023-5468	Med	0.42	6.4	0.00		Oct 10, 2023	The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.