cleantalk
Vulnerabilities and Security Researches

SmokeSignal, b9ce36fb8178918a41644c91829cd9c2f2502684

CVE, Research URL

b9ce36fb8178918a41644c91829cd9c2f2502684

Home page URL

Security reports for SmokeSignal

Application

SmokeSignal

Published on
Sep 02, 2017
Research Description
SmokeSignal [smokesignal] < 1.2.7 Smoke Signal < 1.2.7 - Authenticated Stored Cross-Site Scripting The Smoke Signal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text’ parameter in versions before 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with low level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.7.
Status
vulnerable
Previous vulnerability researches
MapifyLite (by MapifyPro) (e5bfd53d-0d9a-42f2-8af8-5bb710bac828) , Jun 16, 2026
MapifyLite (by MapifyPro) (6be590d56cf666ad67a6e008b71242e607d966ea) , Jun 16, 2026
MapifyLite (by MapifyPro) (d7a357e358b4eb001b41f84d3531981914480734) , Jun 07, 2024
New vulnerability
cformsII (57430c59-7e98-4ba4-894b-d7f58d7de531) , Jun 16, 2026
SMTP Mailing Queue (966e6341b0fb8540929f2b28c0340b857e278ef6) , Jun 16, 2026
Fontsampler (c1e4aaff-e68d-4bb3-9f82-31c3a649b41b) , Jun 16, 2026
Database Backup for WordPress (76500127cf56c43a0bd42788147b04161f46bcda) , Jun 16, 2026
Joli FAQ SEO &#8211; WordPress FAQ Plugin (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026