Vulnerabilities and security researches forquotes-llama quotes-llama
Direction: ascendingJun 07, 2024
Quotes llama # CVE-2022-1566
- CVE, Research URL
- Home page URL
- Application
- Date
- May 30, 2022
- Research Description
- The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 25, 2024
Quotes llama # CVE-2024-10874
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 23, 2024
- Research Description
- The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Feb 26, 2025
Quotes llama # CVE-2025-27307
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 24, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama allows Reflected XSS. This issue affects Quotes llama: from n/a through 3.0.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 03, 2025
Quotes llama # CVE-2025-30786
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama allows DOM-Based XSS. This issue affects Quotes llama: from n/a through 3.1.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable