cleantalk

Vulnerabilities and Security Researches

Security report for CVE Aklamator INfeed > CVE-2024-12717

CVE, Research URL

CVE-2024-12717

Home page URL

Security reports for Aklamator INfeed

Application

Aklamator INfeed

Published on
Jan 09, 2025
Research Description
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Aklamator INfeed (CVE-2024-12731) , Jan 11, 2025
Aklamator INfeed (CVE-2024-12717) , Jan 11, 2025
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025