Vulnerabilities and security researches forwp-spreadplugin wp-spreadplugin

Jun 07, 2024

CVE, Research URL: CVE-2015-10132
Home page URL: Security reports for WP-Spreadplugin
Application: WP-Spreadplugin
Date: Apr 22, 2024
Research Description: A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 30642d34168a911aef3848a829319cf4979d948d
Home page URL: Security reports for WP-Spreadplugin
Application: WP-Spreadplugin
Date: Apr 21, 2015
Research Description: WP-Spreadplugin [wp-spreadplugin] < 3.8.6.2 WP SpreadPlugin < 3.8.6.2 - Cross-Site Scripting The WP SpreadPlugin plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.8.6.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2024-49266
Home page URL: Security reports for WP-Spreadplugin
Application: WP-Spreadplugin
Date: Oct 16, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9.
Affected versions: Min -, max -.
Status: vulnerable