cleantalk
Vulnerabilities and Security Researches

Tainacan, d42c12b6343112f86350eb39724eef87c5ee8cc2

CVE, Research URL

d42c12b6343112f86350eb39724eef87c5ee8cc2

Home page URL

Security reports for Tainacan

Application

Tainacan

Published on
May 24, 2022
Research Description
Tainacan [tainacan] < 0.18.10 Tainacan <= 0.18.9 - Cross-Site Scripting The plugin Tainacan for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.18.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 0.18.10.
Status
vulnerable
Previous vulnerability researches
Tainacan Interface (CVE-2024-3867) , Jun 10, 2024
Tainacan (CVE-2024-4367) , Jul 22, 2024
Tainacan (CVE-2024-9221) , Oct 12, 2024
Tainacan (CVE-2024-7135) , Aug 01, 2024
Tainacan (CVE-2025-47512) , May 25, 2025
New vulnerability
WP Attachments (CVE-2025-5082) , May 29, 2025
Glossary by WPPedia &#8211; Best Glossary plugin for WordPress (CVE-2025-4803) , May 28, 2025
Import Social Events (CVE-2025-48256) , May 28, 2025
MStore API (CVE-2025-4683) , May 28, 2025
WP Statistics , May 27, 2025