cleantalk
Vulnerabilities and Security Researches

Snow Storm, b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3

CVE, Research URL

b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3

Home page URL

Security reports for Snow Storm

Application

Snow Storm

Published on
-
Research Description
Snow Storm [snow-storm] < 1.4.7 Snow Storm &lt;= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting The Snow Storm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.4.7.
Status
vulnerable
Previous vulnerability researches
Snow Storm (b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3) , Mar 22, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025
New vulnerability
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025
Widgetize Pages Light (CVE-2025-32117) , Apr 09, 2025