Vulnerabilities and security researches forcool-tag-cloud cool-tag-cloud

Jun 07, 2024

CVE, Research URL: CVE-2021-24682
Home page URL: Security reports for Cool Tag Cloud
Application: Cool Tag Cloud
Date: Nov 01, 2021
Research Description: The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Affected versions: max 2.26.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-13614
Home page URL: Security reports for Cool Tag Cloud
Application: Cool Tag Cloud
Date: Dec 05, 2025
Research Description: The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.29.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2025-69011
Home page URL: Security reports for Cool Tag Cloud
Application: Cool Tag Cloud
Date: Feb 20, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/a through <= 2.29.
Affected versions: max 2.29.
Status: vulnerable