The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Social Post Embed WordPress plugin versions up to 2.0.1 contains a Stored XSS vulnerability in the Threads embed handler due to insufficient input sanitization. Authenticated users with Contributor access can inject malicious scripts that execute when pages are viewed by other users.
يحتوي مكون Social Post Embed للووردبريس على ثغرة XSS مخزنة في معالج Threads بسبب عدم كفاية تنقية المدخلات والمخرجات. يمكن للمستخدمين المصرح لهم على مستوى المساهم أو أعلى حقن نصوص برمجية ضارة تُنفذ عند وصول المستخدمين إلى الصفحات المصابة.
The Social Post Embed WordPress plugin versions up to 2.0.1 contains a Stored XSS vulnerability in the Threads embed handler due to insufficient input sanitization. Authenticated users with Contributor access can inject malicious scripts that execute when pages are viewed by other users.
Update the Social Post Embed plugin to version 2.0.2 or later immediately. Review and audit all pages and posts for suspicious embedded content. Restrict Contributor-level permissions to trusted users only. Implement Web Application Firewall rules to detect and block XSS payloads.
قم بتحديث مكون Social Post Embed إلى الإصدار 2.0.2 أو أحدث فوراً. راجع وتدقيق جميع الصفحات والمنشورات للبحث عن محتوى مريب. قيد صلاحيات مستوى المساهم للمستخدمين الموثوقين فقط. طبق قواعد جدار حماية تطبيقات الويب للكشف عن حمولات XSS وحجبها.