WordPress Reviews Sorted plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Reviews Sorted versions = 2.4.2...

CVE-2024-13665

The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

PT-2025-6440 · WordPress · Admire Extra

Name of the Vulnerable Software and Affected Versions: Admire Extra plugin for WordPress versions up to, and including, 1.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'space' shortcode, allowing authenticated...