cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foruber-grid uber-grid

Direction: ascending
Oct 19, 2024

WordPress Portfolio Builder – Portfolio Gallery # CVE-2024-49302

CVE, Research URL

CVE-2024-49302

Home page URL

Security reports for WordPress Portfolio Builder – Portfolio Gallery

Application

WordPress Portfolio Builder – Portfolio Gallery

Date
Oct 18, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.
Affected versions
Min -, max -.
Status
vulnerable
Dec 03, 2024

WordPress Portfolio Builder – Portfolio Gallery # CVE-2024-53788

CVE, Research URL

CVE-2024-53788

Home page URL

Security reports for WordPress Portfolio Builder – Portfolio Gallery

Application

WordPress Portfolio Builder – Portfolio Gallery

Date
Dec 01, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.
Affected versions
Min -, max -.
Status
vulnerable
Feb 21, 2025

WordPress Portfolio Builder – Portfolio Gallery # CVE-2024-13231

CVE, Research URL

CVE-2024-13231

Home page URL

Security reports for WordPress Portfolio Builder – Portfolio Gallery

Application

WordPress Portfolio Builder – Portfolio Gallery

Date
Feb 19, 2025
Research Description
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery.
Affected versions
Min -, max -.
Status
vulnerable
May 14, 2025

WordPress Portfolio Builder – Portfolio Gallery # CVE-2025-1757

CVE, Research URL

CVE-2025-1757

Home page URL

Security reports for WordPress Portfolio Builder – Portfolio Gallery

Application

WordPress Portfolio Builder – Portfolio Gallery

Date
Feb 28, 2025
Research Description
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable