Vulnerabilities and security researches forwpzoom-portfolio wpzoom-portfolio

Jun 06, 2024

CVE, Research URL: CVE-2022-4789
Home page URL: Security reports for WPZOOM Portfolio
Application: WPZOOM Portfolio
Date: Jan 23, 2023
Research Description: The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Affected versions: max 1.2.2.
Status: vulnerable

Sep 01, 2024

CVE, Research URL: CVE-2024-8276
Home page URL: Security reports for WPZOOM Portfolio
Application: WPZOOM Portfolio
Date: Aug 31, 2024
Research Description: The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.4.5.
Status: vulnerable

Jun 12, 2026

CVE, Research URL: CVE-2026-49069
Home page URL: Security reports for WPZOOM Portfolio
Application: WPZOOM Portfolio
Date: Jun 10, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21.
Affected versions: max 1.4.22.
Status: vulnerable