CVE-2021-24433 Simple Sort&Search <= 0.0.3 - Ccontributor+ Stored XSS

The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "categorysims", "ordersims", "orderbysims", "periodsims", and "tagsims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as...

PT-2024-10889 · WordPress · Simple Sort&Search Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: simple sort&search WordPress plugin versions 0.0.3 and earlier Description: The issue arises from the simple sort&search WordPress plugin not validating the indexurl parameter of certain shortcodes, including category sims, order sims, orderb...