Vulnerabilities and security researches forcloak-front-end-email cloak-front-end-email

Jun 07, 2024

CVE, Research URL: CVE-2023-0150
Home page URL: Security reports for Cloak Front End Email
Application: Cloak Front End Email
Date: Feb 07, 2023
Research Description: The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

Apr 19, 2025

CVE, Research URL: CVE-2025-26968
Home page URL: Security reports for Cloak Front End Email
Application: Cloak Front End Email
Date: Apr 17, 2025
Research Description: Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
Affected versions: Min -, max -.
Status: vulnerable