[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQ3hpoJbNr5Kus7PidZnN7_M74HawC2C3A_GtYIS1hPI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-1c63eaea-0a0f-412b-9f1a-3091de3a653a-instagram-slider-widget","social-slider-feed-missing-authorization-to-cross-site-scripting","Social Slider Feed \u003C= 2.0.4 - Missing Authorization to Cross-Site Scripting","The Social Slider Feed plugin for WordPress is vulnerable to authenticated arbitrary API key update via the YouTube API key in versions up to, and including 2.0.4. This makes it possible for a subscriber-level attacker to change the API key. Proper sanitization is also missing allowing the attacker to inject malicious code that is executed when someone visits an injected page.","instagram-slider-widget",null,"\u003C=2.0.4","2.0.5","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-08-01 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c63eaea-0a0f-412b-9f1a-3091de3a653a?source=api-prod",540]