cleantalk
Vulnerabilities and Security Researches

Open Graph and Twitter Card Tags, d2a6c41972461397c4b4fbb3e37ca688b3cdcef4

CVE, Research URL

d2a6c41972461397c4b4fbb3e37ca688b3cdcef4

Home page URL

Security reports for Open Graph and Twitter Card Tags

Application

Open Graph and Twitter Card Tags

Published on
Jun 27, 2018
Research Description
Open Graph and Twitter Card Tags [wonderm00ns-simple-facebook-open-graph-tags] < 2.2.4.2 Open Graph and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting The Open Graph and Twitter Card Tags plugin for WordPress is vulnerable to Cross-Site Scripting via the ‘img’ parameter in versions up to, and including, 2.2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.2.4.2.
Status
vulnerable
Previous vulnerability researches
Open Graph and Twitter Card Tags (CVE-2018-0579) , Jun 07, 2024
Open Graph and Twitter Card Tags (891309bc-6353-4a91-bcfe-4864df258913) , Jun 16, 2026
Open Graph and Twitter Card Tags (94d86780b701970829bbefba21941f3d698e59be) , Jun 16, 2026
Open Graph and Twitter Card Tags (d2a6c41972461397c4b4fbb3e37ca688b3cdcef4) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026