CVE-2026-4334

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in 4.6.14 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4098 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b8cd85e9b3c3 Credits haidv35 Required privilege Unauthenticated...

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Cross Site Scripting (XSS)

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 196361c9209d Credits Ngô Thiên An ancorn Required...

WordPress Shariff Plugin <= 1.0.7 - Stored Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...