WordPress Plugin Vulnerabilities

Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
awesome-filterable-portfolio
No known fix

References

CVE
CVE-2022-40193

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
f21c274e-ae84-45db-b2d0-37c1a5b2f84d

Timeline

Publicly Published
2022-09-15 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2021-12-01
Title
Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module
Published
2025-01-27
Title
Wise Forms <= 1.2.0 - Unauthenticated Stored XSS
Published
2014-08-01
Title
slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard
Published
2026-02-13
Title
myCred < 2.9.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode
Published
2021-11-15
Title
ProfilePress < 3.2.3 - Reflected Cross-Site Scripting