cleantalk
Vulnerabilities and Security Researches

WP OER, 41a2f0929035b1fd78991004b5d7fafca667f9cd

CVE, Research URL

41a2f0929035b1fd78991004b5d7fafca667f9cd

Home page URL

Security reports for WP OER

Application

WP OER

Published on
Jun 17, 2022
Research Description
WP OER [wp-oer] < 0.9.1 WP OER <= 0.9.0 - Cross-Site Scripting The WP OER plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 0.9.1.
Status
vulnerable
Previous vulnerability researches
WP OER (41a2f0929035b1fd78991004b5d7fafca667f9cd) , Jun 07, 2024
SS Quiz (d3765e4a45c0d6edfafdf1ac33018406cbb14a92) , Jun 06, 2024
FeedWordPress Advanced Filters (CVE-2025-68843) , Feb 27, 2026
Login with Azure (Azure SSO) (c6ed33faf4d01e26dafb51a8006cc4f1d3df0c89) , Jun 07, 2024
Headline Analyzer (1a06b2d9fafa72a3ffd3da92198a28b07fd3b87d) , Jun 07, 2024
New vulnerability
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026
Bold Page Builder (CVE-2025-12159) , Feb 28, 2026