Portrait-Archiv.com Photostore <= 3.1 – Unauthenticated Reflected XSS

Affects Plugins

portrait-archiv-shop

Fixed in 3.2

References

URL

https://packetstormsecurity.com/files/#154343/

URL

https://plugins.trac.wordpress.org/changeset/2156762/portrait-archiv-shop

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Ricardo Sanchez

Verified

Yes

WPVDB ID

c6a8757e-41ef-4c20-8c7d-97b57d56fe0e

Timeline

Publicly Published

2019-09-03 (about 6 years ago)

Added

2019-09-04 (about 6 years ago)

Last Updated

2020-02-13 (about 5 years ago)

Other

Published

Title

Published

2024-07-10

Title

Arkhe Blocks < 2.23.0 - Contributor+ Stored XSS

Published

2024-04-16

Title

WP Club Manager < 2.2.12 - Authenticated (Player+) Stored Cross-Site Scripting

Published

2025-04-03

Title

Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template

Published

2025-01-06

Title

Dyn Business Panel <= 1.0.0 - Reflected XSS

Published

2023-01-20

Title

Heateor Social Comments < 1.6.2 - Contributor+ Stored XSS