cleantalk
Vulnerabilities and Security Researches

Tainacan, d42c12b6343112f86350eb39724eef87c5ee8cc2

CVE, Research URL

d42c12b6343112f86350eb39724eef87c5ee8cc2

Home page URL

Security reports for Tainacan

Application

Tainacan

Published on
May 24, 2022
Research Description
Tainacan [tainacan] < 0.18.10 Tainacan <= 0.18.9 - Cross-Site Scripting The plugin Tainacan for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.18.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 0.18.10.
Status
vulnerable
Previous vulnerability researches
Tainacan Interface (CVE-2024-3867) , Jun 10, 2024
Tainacan (CVE-2024-4367) , Jul 22, 2024
Tainacan (CVE-2024-9221) , Oct 12, 2024
Tainacan (CVE-2024-7135) , Aug 01, 2024
Tainacan (CVE-2024-48040) , May 06, 2025
New vulnerability
Total Donations (CVE-2025-43837) , May 07, 2025
Syndicate Out (CVE-2025-43836) , May 07, 2025
Relevanssi &#8211; A Better Search (CVE-2025-4054) , May 07, 2025
Meta Keywords &amp; Description (CVE-2025-46454) , May 07, 2025
Royal Elementor Addons and Templates (CVE-2024-12120) , May 07, 2025