VYPR

Horizontal Scrolling Announcement

by Gopiplus

CVEs (2)

  • CVE-2023-4999HigOct 20, 2023
    risk 0.57cvss 8.8epss 0.01

    The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2023-5001MedSep 16, 2023
    risk 0.42cvss 6.4epss 0.00

    The Horizontal scrolling announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…