CVE-2026-56062

The CVE identifies an unauthenticated SQL injection in the WordPress Quotes llama plugin, affecting versions up to and including 3.1.5. The vulnerability arises in Quotes llama’s handling of input data, allowing unauthenticated attackers to potentially execute SQL commands. The CVSS base score is...

EUVD-2024-33149

Malicious code in bioql PyPI...

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

WordPress Quotes llama plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Quotes llama versions = 3.1.0...

WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Quotes llama versions = 3.0.1...

WordPress plugin Quotes llama 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-10874

CVE-2024-10874 (Quotes llama, WordPress) is a Stored XSS vulnerability in the Quotes llama plugin for WordPress, exploitable via the plugin’s shortcodes (quotes-llama). Affected versions are all up to and including 3.0.0. The issue stems from insufficient input sanitization and output escaping on...

WordPress plugin Quotes llama 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress Quotes llama plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Quotes llama versions = 3.0.0...

WordPress Quotes llama Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Quotes llama Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10874 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7f9b6d2f50cd Credits Peter Thaleikis Required...

PT-2024-16607 · WordPress · Quotes Llama

Name of the Vulnerable Software and Affected Versions: Quotes llama plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode due to insufficient input sanitization and output escaping on...

WordPress Quotes llama plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

Cross site scripting

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

PT-2022-13965 · WordPress · Quotes Llama Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Quotes llama WordPress plugin versions prior to 1.0.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed. This can be achieved by exploiting the...