Vulnerabilities and security researches forsimple-spoiler simple-spoiler

Jun 07, 2024

CVE, Research URL: CVE-2024-35639
Home page URL: Security reports for Simple Spoiler
Application: Simple Spoiler
Date: Jun 03, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2.
Affected versions: Min -, max -.
Status: vulnerable

Sep 15, 2024

CVE, Research URL: CVE-2024-8479
Home page URL: Security reports for Simple Spoiler
Application: Simple Spoiler
Date: Sep 14, 2024
Research Description: The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: Min -, max -.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-31020
Home page URL: Security reports for Simple Spoiler
Application: Simple Spoiler
Date: Apr 09, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4.
Affected versions: Min -, max -.
Status: vulnerable