cleantalk
Vulnerabilities and Security Researches

wpShopGermany – Protected Shops, 4e388930334fd37c3c53d869b323bd9ab7a27623

CVE, Research URL

4e388930334fd37c3c53d869b323bd9ab7a27623

Home page URL

Security reports for wpShopGermany – Protected Shops

Application

wpShopGermany – Protected Shops

Published on
Jul 31, 2023
Research Description
wpShopGermany &#8211; Protected Shops [wpshopgermany-protectedshops] < 2.1 wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting The wpShopGermany - Protected Shops plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 2.1.
Status
vulnerable
Previous vulnerability researches
wpShopGermany &#8211; Protected Shops (CVE-2023-39919) , Jun 07, 2024
wpShopGermany &#8211; Protected Shops (4e388930334fd37c3c53d869b323bd9ab7a27623) , Jun 07, 2024
WPshop 2 &#8211; E-Commerce (CVE-2025-32576) , Apr 11, 2025
WPshop 2 &#8211; E-Commerce (25b8175a29186935197d85344c35e6cb9e68092c) , Jun 07, 2024
wpShopGermany IT-RECHT KANZLEI (CVE-2025-30804) , Apr 03, 2025
New vulnerability
SB Chart block (CVE-2025-3661) , Apr 20, 2025
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin &#8211; JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025