Vulnerabilities and security researches forcmyee-momentopress cmyee-momentopress

Jun 07, 2024

CVE, Research URL: 1d51ec84e92b349edd4438d4b1cb5874a6b7594c
Home page URL: Security reports for MomentoPress for Momento360
Application: MomentoPress for Momento360
Date: Oct 23, 2023
Research Description: MomentoPress for Momento360 [cmyee-momentopress] < 1.0.2 MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode The MomentoPress for Momento360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-46782
Home page URL: Security reports for MomentoPress for Momento360
Application: MomentoPress for Momento360
Date: Nov 06, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
Affected versions: Min -, max -.
Status: vulnerable