VYPR

Print O Matic

by WordPress

CVEs (4)

  • CVE-2024-3671MedMay 22, 2024
    risk 0.42cvss 6.4epss 0.00

    The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes…

  • CVE-2024-33936MedMay 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10.

  • CVE-2022-4753MedJan 23, 2023
    risk 0.35cvss 5.4epss 0.00

    The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…

  • CVE-2021-24710MedNov 8, 2021
    risk 0.24cvss 4.8epss 0.01

    The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.