Vulnerabilities and security researches forwpshopgermany-protectedshops wpshopgermany-protectedshops

Jun 07, 2024

CVE, Research URL: CVE-2023-39919
Home page URL: Security reports for wpShopGermany – Protected Shops
Application: wpShopGermany – Protected Shops
Date: Sep 04, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany – Protected Shops plugin <= 2.0 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 4e388930334fd37c3c53d869b323bd9ab7a27623
Home page URL: Security reports for wpShopGermany – Protected Shops
Application: wpShopGermany – Protected Shops
Date: Jul 31, 2023
Research Description: wpShopGermany – Protected Shops [wpshopgermany-protectedshops] < 2.1 wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting The wpShopGermany - Protected Shops plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable