6 matches found
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677
CVE-2026-9677 affects the Shariff for WordPress plugin up to version 1.0.11. The vulnerability arises from not sanitizing or escaping the shariff_infourl setting before it is output in the frontend HTML via the generateshariff() function, enabling Stored Cross-Site Scripting by high-privilege use...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion
Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in 4.6.14 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4098 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b8cd85e9b3c3 Credits haidv35 Required privilege Unauthenticated...
WordPress Shariff Plugin <= 4.6.13 is vulnerable to Cross Site Scripting (XSS)
Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 196361c9209d Credits Ngô Thiên An ancorn Required...
WordPress Shariff Plugin <= 1.0.7 - Stored Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...