cleantalk
Vulnerabilities and Security Researches

Support Ticket, CVE-2025-49422

CVE, Research URL

CVE-2025-49422

Home page URL

Security reports for Support Ticket

Application

Support Ticket

Published on
Aug 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1.
Affected versions
Min -, max 1.9.
Status
vulnerable
Previous vulnerability researches
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-49757) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2024-24716) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-48324) , Jun 10, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2024-54289) , Dec 15, 2024
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2023-49857) , Dec 15, 2024
New vulnerability
Video Gallery – Vimeo and YouTube Gallery (CVE-2025-48349) , Aug 24, 2025
Яндекс.ПДС Пингер / Yandex Site search pinger (CVE-2025-48352) , Aug 24, 2025
Link View (CVE-2025-49039) , Aug 24, 2025
WP Fast Total Search – The Power of Indexed Search (CVE-2025-57893) , Aug 24, 2025
Recurring PayPal Donations (CVE-2025-57891) , Aug 24, 2025