cleantalk
Vulnerabilities and Security Researches

Advanced Sermons, CVE-2024-7599

CVE, Research URL

CVE-2024-7599

Home page URL

Security reports for Advanced Sermons

Application

Advanced Sermons

Published on
Sep 06, 2024
Research Description
The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.4.
Status
vulnerable
Previous vulnerability researches
Advanced Sermons (CVE-2024-7599) , Sep 07, 2024
Advanced Sermons (CVE-2024-50458) , Oct 28, 2024
Advanced Sermons (CVE-2025-49863) , Jun 15, 2025
Advanced Sermons (CVE-2024-27952) , Jun 07, 2024
Advanced Sermons (CVE-2024-29928) , Jun 07, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025