cleantalk
Vulnerabilities and Security Researches

Gosign – Posts Slider Block, CVE-2024-13399

CVE, Research URL

CVE-2024-13399

Home page URL

Security reports for Gosign – Posts Slider Block

Application

Gosign – Posts Slider Block

Published on
Jan 31, 2025
Research Description
The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.1.0.
Status
vulnerable
Previous vulnerability researches
Gosign – Posts Slider Block (CVE-2025-31891) , Apr 03, 2025
Gosign – Posts Slider Block (CVE-2024-13399) , Feb 01, 2025
New vulnerability
Royal Elementor Addons and Templates (CVE-2025-26990) , Apr 16, 2025
TS Poll – Best Poll Plugin for WordPress (CVE-2025-3470) , Apr 16, 2025
Contact Form 7 (CVE-2025-3247) , Apr 16, 2025
Logo Carousel Gutenberg Block (CVE-2025-2083) , Apr 16, 2025
My auctions allegro (CVE-2025-27009) , Apr 16, 2025