Vulnerabilities and security researches foradd-hierarchy-parent-to-post add-hierarchy-parent-to-post

Jun 07, 2024

CVE, Research URL: 7e949cf0-63d4-49b0-a81c-e778b3a2d837
Home page URL: Security reports for Add Hierarchy (parent) to post
Application: Add Hierarchy (parent) to post
Date: -
Research Description: Add Hierarchy (parent) to post [add-hierarchy-parent-to-post] < 3.13 Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions: max 3.13.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 320e5a0515ace557d12b1b4deb599baed0ee97bc
Home page URL: Security reports for Add Hierarchy (parent) to post
Application: Add Hierarchy (parent) to post
Date: Aug 01, 2022
Research Description: Add Hierarchy (parent) to post [add-hierarchy-parent-to-post] < 3.13 Add Hierarchy (parent) to post <= 3.12 - Reflected Cross-Site Scripting The Add Hierarchy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.12 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.13.
Status: vulnerable