Vulnerabilities and security researches forsnow-storm snow-storm

Mar 22, 2025

CVE, Research URL: b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3
Home page URL: Security reports for Snow Storm
Application: Snow Storm
Date: -
Research Description: Snow Storm [snow-storm] < 1.4.7 Snow Storm <= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting The Snow Storm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Apr 05, 2025

CVE, Research URL: CVE-2025-30858
Home page URL: Security reports for Snow Storm
Application: Snow Storm
Date: Apr 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6.
Affected versions: Min -, max -.
Status: vulnerable