cleantalk
Vulnerabilities and Security Researches

WPZOOM Portfolio, CVE-2022-4789

CVE, Research URL

CVE-2022-4789

Home page URL

Security reports for WPZOOM Portfolio

Application

WPZOOM Portfolio

Published on
Jan 23, 2023
Research Description
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Affected versions
max 1.2.2.
Status
vulnerable
Previous vulnerability researches
WPZOOM Portfolio (CVE-2024-8276) , Sep 01, 2024
WPZOOM Portfolio (CVE-2026-49069) , Jun 12, 2026
WPZOOM Portfolio (CVE-2022-4789) , Jun 06, 2024
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-9125) , Jun 12, 2026
Extra Fees Plugin for WooCommerce (CVE-2023-33999) , Jun 12, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026