cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for modern-footnotes

Jun 07, 2024

Modern Footnotes # CVE-2023-5618

CVE, Research URL

CVE-2023-5618

Application

Modern Footnotes

Date
Oct 20, 2023
Research Description
The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.4.17.
Status
vulnerable

Modern Footnotes # 0b5ebde6e3911eb9a465fb483c3a9f7d473a5294

Application

Modern Footnotes

Date
Mar 14, 2023
Research Description
Modern Footnotes [modern-footnotes] < 1.4.16. Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting. The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 1.4.16.
Status
vulnerable

Modern Footnotes # CVE-2023-28423

CVE, Research URL

CVE-2023-28423

Application

Modern Footnotes

Date
Jun 22, 2023
Research Description
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.
Affected versions
max 1.4.16.
Status
vulnerable
Jun 24, 2025

Modern Footnotes # CVE-2025-50049

CVE, Research URL

CVE-2025-50049

Application

Modern Footnotes

Date
Jun 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19.
Affected versions
max 1.4.19.
Status
vulnerable