cleantalk
Vulnerabilities and Security Researches

Add Hierarchy (parent) to post, 320e5a0515ace557d12b1b4deb599baed0ee97bc

CVE, Research URL

320e5a0515ace557d12b1b4deb599baed0ee97bc

Home page URL

Security reports for Add Hierarchy (parent) to post

Application

Add Hierarchy (parent) to post

Published on
Aug 01, 2022
Research Description
Add Hierarchy (parent) to post [add-hierarchy-parent-to-post] < 3.13 Add Hierarchy (parent) to post <= 3.12 - Reflected Cross-Site Scripting The Add Hierarchy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.12 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.13.
Status
vulnerable
Previous vulnerability researches
GoDaddy Email Marketing (721acd71d13186ecf815419489d4f110132c0d3b) , Jun 16, 2026
GoDaddy Email Marketing (CVE-2016-10903) , Jun 07, 2024
GoDaddy Email Marketing (CVE-2023-49156) , Jun 10, 2024
New vulnerability
Dynamic Widgets (bcd167c7824b22ce28b0a755c39fc633d83acfb4) , Jun 16, 2026
Dynamic Widgets (5dd9d324c9dd9e4f3db52cd08c75f2fb94e77fb5) , Jun 16, 2026
Dynamic Widgets (4d7faa92-9246-4685-ace9-ed62e555fbde) , Jun 16, 2026
Dynamic Widgets (fd8883125ab10ddf1bfb5cae4dbf4175fb52b317) , Jun 16, 2026
Change WordPress Login Logo (3e38c8a9639b68f093c62b2db41d27500a5cfe59) , Jun 16, 2026