Wpzoom Portfolio
Monthly
Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (all versions up to and including 1.4.29) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack with a CVSS 3.1 score of 7.1, the flaw requires user interaction and carries no public exploit identified at time of analysis and no CISA KEV listing. Impact is scoped to the session of whichever user is lured into clicking, including logged-in administrators.
Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (versions up to and including 1.4.21) allows remote attackers to execute arbitrary JavaScript in a victim's browser when the user clicks a crafted link. Because the CVSS scope is Changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically enabling session hijacking or actions against the WordPress admin context. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
The WPZOOM Portfolio Lite - Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (all versions up to and including 1.4.29) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Reported by Patchstack with a CVSS 3.1 score of 7.1, the flaw requires user interaction and carries no public exploit identified at time of analysis and no CISA KEV listing. Impact is scoped to the session of whichever user is lured into clicking, including logged-in administrators.
Reflected cross-site scripting in the WPZOOM Portfolio WordPress plugin (versions up to and including 1.4.21) allows remote attackers to execute arbitrary JavaScript in a victim's browser when the user clicks a crafted link. Because the CVSS scope is Changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically enabling session hijacking or actions against the WordPress admin context. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
The WPZOOM Portfolio Lite - Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.