2 matches found
CVE-2024-8276
CVE-2024-8276 (WPZOOM Portfolio Lite – Filterable Portfolio Plugin) affects WordPress WPZOOM Portfolio Lite. It allows Stored XSS via the align attribute in the wp:wpzoom-blocks Gutenberg block for all versions up to 1.4.4, caused by insufficient input sanitization and output escaping. Exploitati...
CVE-2022-4789
The CVE concerns WPZOOM Portfolio WordPress plugin prior to version 1.2.2. The vulnerability is a Stored XSS resulting from improper validation/escaping of a shortcode attribute, which could be exploited by users with a role as low as contributor. Practical impact is exposure of stored script con...