cleantalk
Vulnerabilities and Security Researches

MomentoPress for Momento360, 1d51ec84e92b349edd4438d4b1cb5874a6b7594c

CVE, Research URL

1d51ec84e92b349edd4438d4b1cb5874a6b7594c

Home page URL

Security reports for MomentoPress for Momento360

Application

MomentoPress for Momento360

Published on
Oct 23, 2023
Research Description
MomentoPress for Momento360 [cmyee-momentopress] < 1.0.2 MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode The MomentoPress for Momento360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.0.2.
Status
vulnerable
Previous vulnerability researches
MomentoPress for Momento360 (1d51ec84e92b349edd4438d4b1cb5874a6b7594c) , Jun 07, 2024
MomentoPress for Momento360 (CVE-2023-46782) , Jun 07, 2024
New vulnerability
SKT Skill Bar (CVE-2025-47482) , May 09, 2025
WP Compress &#8211; Image Optimizer [All-In-One] (CVE-2025-47546) , May 09, 2025
Smaily for WP (CVE-2025-47684) , May 09, 2025
SendPulse Email Marketing Newsletter (CVE-2025-47547) , May 09, 2025
Wiki Embed (CVE-2025-47551) , May 09, 2025