CVE-2022-2515

The CVE-2022-2515 issue affects the WordPress Simple Banner plugin (versions up to and including 2.11.0). It is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the pro_version_activation_code setting. Authenticated attackers (including tho...

CVE-2022-0446

The CVE concerns the Simple Banner WordPress plugin prior to version 2.12.0. Root cause: improper sanitization of the "Simple Banner Text" settings, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. Affected product/versions: Simple Banner WordP...

CVE-2024-12769

The CVE-2024-12769 entry concerns the WordPress Simple Banner plugin before version 3.0.4. The underlying issue is that the plugin does not sanitize and escape some of its settings, which could allow high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed...

CVE-2021-24574

CVE-2021-24574 affects the WordPress Simple Banner plugin, prior to version 2.10.4. Affected component: a setting that is not sanitized/escaped, enabling authenticated users (e.g., admins) to inject a Cross-Site Scripting payload. Root cause per the documents: lack of proper sanitization/escaping...