Annual Archive Security Vulnerabilities and Issues — Annual Archive CVE List

cve

CVE-2023-0178

The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-06 08:15 PM

40

cve

CVE-2023-49847

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.

6.5CVSS

5.8AI Score

0.0004EPSS

2023-12-14 02:15 PM

42

cve

CVE-2024-33598

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.

5.9CVSS

6.6AI Score

0.0004EPSS

2024-04-26 08:15 AM

44

Annual Archive Security Vulnerabilities - January