Wpo-hr

Ngg Smart Image Search

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-58027

  • EPSS 0.03%
  • Veröffentlicht 22.09.2025 18:23:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Smart Image Search: from n/a through <= 3.4.3.

9.3

CVE-2025-52832

  • EPSS 0.04%
  • Veröffentlicht 04.07.2025 11:17:51
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1.

6.5

CVE-2025-47503

  • EPSS 0.14%
  • Veröffentlicht 07.05.2025 14:19:57
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Smart Image Search: from n/a through <= 3.3.3.

5.4

CVE-2024-13658

  • EPSS 0.1%
  • Veröffentlicht 12.02.2025 05:15:12
  • Zuletzt bearbeitet 24.02.2025 15:49:58

The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping ...