Vulnerabilities and security researches forhm-cool-author-box-widget hm-cool-author-box-widget

Jun 06, 2024

CVE, Research URL: fbeb6eb681ba1e4d98291e58119ab2ce3efdce86
Home page URL: Security reports for Cool Author Box – For Widget and Post Content
Application: Cool Author Box – For Widget and Post Content
Date: Jul 18, 2023
Research Description: Cool Author Box – For Widget and Post Content [hm-cool-author-box-widget] < 2.9.6 WordPress Cool Author Box - For Widget and Post Content Plugin <= 2.9.5 is vulnerable to Cross Site Scripting (XSS) No patched version available. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Cool Author Box - For Widget and Post Content Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30830
Home page URL: Security reports for Cool Author Box – For Widget and Post Content
Application: Cool Author Box – For Widget and Post Content
Date: Mar 27, 2025
Research Description: Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47447
Home page URL: Security reports for Cool Author Box – For Widget and Post Content
Application: Cool Author Box – For Widget and Post Content
Date: May 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0.
Affected versions: Min -, max -.
Status: vulnerable