VYPR

The Special Text Boxes

by WordPress

CVEs (2)

  • CVE-2024-8481HigSep 25, 2024
    risk 0.41cvss 7.3epss 0.01

    The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This…

  • CVE-2021-24485MedOct 25, 2021
    risk 0.31cvss 4.8epss 0.01

    The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.