cleantalk
Vulnerabilities and Security Researches

WP VR – 360 Panorama and Virtual Tour Builder For WordPress, CVE-2023-0174

CVE, Research URL

CVE-2023-0174

Home page URL

Security reports for WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Application

WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Published on
Feb 07, 2023
Research Description
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 8.2.7.
Status
vulnerable
Previous vulnerability researches
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-47452) , Jun 19, 2025
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2024-49680) , Oct 25, 2024
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-24730) , Jan 26, 2025
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2024-49293) , Oct 18, 2024
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2023-0174) , Jun 07, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025