GCVE - cpe:2.3:a:acurax:social_media_widget:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acurax:social_media_widget:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Acurax (`2bee10c9-be45-50b5-baac-3795c3bcdbb7`)
Product	Social Media Widget (`3416d850-cdc0-5e2f-952b-cdd8f1b81d77`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/acurax-social-media-widget`	purl2cpe	2026-06-01 10:17:39.436767

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-6357`	vulnerable	2026-06-03 14:39:00.190515	Details available The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. Published: 2018-01-27T17:00:00.000Z Updated: 2024-09-16T19:35:03.349Z Open on db.gcve.eu Reference links http://lists.openwall.net/full-disclosure/2018/01/10/8 https://wordpress.org/plugins/acurax-social-media-widget/#developers	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.