cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foraccordions accordions

Direction: ascending
Jun 06, 2024

Accordion # CVE-2021-24283

CVE, Research URL

CVE-2021-24283

Home page URL

Security reports for Accordion

Application

Accordion

Date
May 14, 2021
Research Description
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
Affected versions
Min -, max -.
Status
vulnerable

Accordion # CVE-2020-13644

CVE, Research URL

CVE-2020-13644

Home page URL

Security reports for Accordion

Application

Accordion

Date
May 28, 2020
Research Description
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.
Affected versions
Min -, max -.
Status
vulnerable

Accordion # CVE-2024-1641

CVE, Research URL

CVE-2024-1641

Home page URL

Security reports for Accordion

Application

Accordion

Date
Apr 10, 2024
Research Description
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.
Affected versions
Min -, max -.
Status
vulnerable
Oct 01, 2024

Accordion # CVE-2024-47342

CVE, Research URL

CVE-2024-47342

Home page URL

Security reports for Accordion

Application

Accordion

Date
Oct 06, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through 2.2.99.
Affected versions
Min -, max -.
Status
vulnerable
Apr 13, 2025

Accordion # CVE-2025-32143

CVE, Research URL

CVE-2025-32143

Home page URL

Security reports for Accordion

Application

Accordion

Date
Apr 11, 2025
Research Description
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10.
Affected versions
Min -, max -.
Status
vulnerable