cleantalk
Vulnerabilities and Security Researches

ClimateClick: Climate Action for all, c22957a9a1a92e10cec86643e398f4d72bb249fb

CVE, Research URL

c22957a9a1a92e10cec86643e398f4d72bb249fb

Home page URL

Security reports for ClimateClick: Climate Action for all

Application

ClimateClick: Climate Action for all

Published on
May 31, 2022
Research Description
ClimateClick: Climate Action for all [co2ok-for-woocommerce] < 1.0.9.22 CO2ok: carbon offsetting for e-commerce <= 1.0.9.21 - Cross-Site Scripting The plugin CO2ok: carbon offsetting for e-commerce is vulnerable to Cross-Site Scripting via the several parameters in versions up to, and including, 1.0.9.21 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.0.9.22.
Status
vulnerable
Previous vulnerability researches
SV Gravity Forms Enhancer (CVE-2023-33999) , Jun 13, 2026
SV Gravity Forms Enhancer (d51fbce885ea68dceb0e24e7a5d84b19546d1fed) , Jun 07, 2024
SV Gravity Forms Enhancer (72239873c6734da8620cd9143053080a3323ea2c) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026