cleantalk
Vulnerabilities and Security Researches

WP-Spreadplugin, 30642d34168a911aef3848a829319cf4979d948d

CVE, Research URL

30642d34168a911aef3848a829319cf4979d948d

Home page URL

Security reports for WP-Spreadplugin

Application

WP-Spreadplugin

Published on
Apr 21, 2015
Research Description
WP-Spreadplugin [wp-spreadplugin] < 3.8.6.2 WP SpreadPlugin < 3.8.6.2 - Cross-Site Scripting The WP SpreadPlugin plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.8.6.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
Min -, max 3.8.6.2.
Status
vulnerable
Previous vulnerability researches
WP-Spreadplugin (CVE-2015-10132) , Jun 07, 2024
WP-Spreadplugin (30642d34168a911aef3848a829319cf4979d948d) , Jun 07, 2024
WP-Spreadplugin (CVE-2024-49266) , Oct 18, 2024
New vulnerability
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-52836) , Jul 15, 2025
Strong Testimonials (CVE-2025-7367) , Jul 15, 2025
Companion Auto Update (CVE-2025-4369) , Jul 15, 2025
Restrict File Access (CVE-2025-7667) , Jul 15, 2025
Product XML Feed Manager for WooCommerce &#8211; Google Shopping, Social Sites, Skroutz &amp; More (CVE-2025-30959) , Jul 15, 2025