cleantalk
Vulnerabilities and Security Researches

SmokeSignal, b9ce36fb8178918a41644c91829cd9c2f2502684

CVE, Research URL

b9ce36fb8178918a41644c91829cd9c2f2502684

Home page URL

Security reports for SmokeSignal

Application

SmokeSignal

Published on
Sep 02, 2017
Research Description
SmokeSignal [smokesignal] < 1.2.7 Smoke Signal < 1.2.7 - Authenticated Stored Cross-Site Scripting The Smoke Signal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text’ parameter in versions before 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with low level privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.7.
Status
vulnerable
Previous vulnerability researches
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2024-13362) , May 03, 2026
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (067b21bad31febc63c1cd2b3a0a852869e1df9cc) , Jun 06, 2024
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2022-4749) , Jun 06, 2024
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (e7273a52d37b10c428e20c81e144ab0d172f52c8) , Jun 16, 2026
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (CVE-2024-23502) , Jun 06, 2024
New vulnerability
Ivory Search &#8211; WordPress Search Plugin (2427187f78f0cce23c52cabddb6a79e5816f0ef4) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (33fe51097267191ced2251c46ec03e986ca8cd29) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (2e31275da5e5f6960dafe613ce8416ccd9d3ae32) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (0262969171706d2e0a213940a438c6706b666e71) , Jun 16, 2026
Membership Plugin &#8211; Restrict Content (35996c26d39e9adbf33cf8c16f28fb76b822949e) , Jun 16, 2026