- Published on
-
Jan 11, 2025
- Research Description
-
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max 1.5.1.
New vulnerability |
The Ultimate WordPress Toolkit – WP Extended
(CVE-2024-13184)
, Jan 20, 2025
|
WP Abstracts
(CVE-2024-12385)
, Jan 20, 2025
|
Ad Blocking Detector
(CVE-2025-22732)
, Jan 19, 2025
|
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
(CVE-2024-12071)
, Jan 19, 2025
|
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced)
(CVE-2025-22710)
, Jan 19, 2025
|