cleantalk
Vulnerabilities and Security Researches

Built-in Widgets Query extend (Custom Post Types & more), 7e949cf0-63d4-49b0-a81c-e778b3a2d837

CVE, Research URL

7e949cf0-63d4-49b0-a81c-e778b3a2d837

Home page URL

Security reports for Built-in Widgets Query extend (Custom Post Types & more)

Application

Built-in Widgets Query extend (Custom Post Types & more)

Published on
-
Research Description
Built-in Widgets Query extend (Custom Post Types &amp; more) [widget-extend-builtin-query] < 1.06 Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions
max 1.06.
Status
vulnerable
Previous vulnerability researches
Debug Bar &#8211; Enable WP_DEBUG from admin dashboard (7e949cf0-63d4-49b0-a81c-e778b3a2d837) , Jun 07, 2024
Debug Bar &#8211; Enable WP_DEBUG from admin dashboard (ab5bf8f0b6e5857005818027b088dbbda4126789) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026