VYPR

Simple Spoiler

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-8479HigSep 14, 2024
    risk 0.47cvss 7.3epss 0.01

    The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for…

  • CVE-2025-31020MedApr 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through <= 1.4.

  • CVE-2024-35639MedJun 3, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler.This issue affects Simple Spoiler: from n/a through <= 1.2.