cleantalk
Vulnerabilities and Security Researches

Quotes llama, CVE-2024-10874

CVE, Research URL

CVE-2024-10874

Home page URL

Security reports for Quotes llama

Application

Quotes llama

Published on
Nov 23, 2024
Research Description
The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.0.0.
Status
vulnerable
Previous vulnerability researches
Quotes llama (CVE-2025-27307) , Feb 26, 2025
Quotes llama (CVE-2024-10874) , Nov 25, 2024
Quotes llama (CVE-2022-1566) , Jun 07, 2024
Quotes llama (CVE-2025-30786) , Apr 03, 2025
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025