cleantalk
Vulnerabilities and Security Researches

Knowledge Base, fc987e789c05f0830b9db07f27df5334dc16c666

CVE, Research URL

fc987e789c05f0830b9db07f27df5334dc16c666

Home page URL

Security reports for Knowledge Base

Application

Knowledge Base

Published on
Jan 03, 2023
Research Description
Knowledge Base [knowledgebase] < 2.1.2 Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via div classes that can be added to blocks in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.1.2.
Status
vulnerable
Previous vulnerability researches
Knowledge Base (CVE-2024-51677) , Nov 05, 2024
Knowledge Base (CVE-2025-5533) , Jun 14, 2025
Knowledge Base (CVE-2025-7431) , Jul 18, 2025
Knowledge Base (fc987e789c05f0830b9db07f27df5334dc16c666) , Jun 07, 2024
New vulnerability
Stop User Enumeration (CVE-2025-4302) , Jul 19, 2025
WP Pipes (CVE-2025-28982) , Jul 19, 2025
LightBox Block (CVE-2025-54051) , Jul 19, 2025
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (CVE-2025-6043) , Jul 19, 2025
Ruven Themes: Shortcodes (CVE-2025-7648) , Jul 19, 2025