
CVE-2024-12769 – Simple Banner < 3.0.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12769
25 Mar 2025 — The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). • https://wpscan.com/vulnerability/02b5c1a8-cf2a-4378-bfda-84d841d88a18 •

CVE-2022-0446 – Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-0446
26 Jul 2022 — The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/3fc7986e-3b38-4e16-9516-2ae00bc7a581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-2515 – Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2515
22 Jul 2022 — The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts into a page that will execute whenever a user role having access to "Simple Banner" accesses the plugin's se... • https://gist.github.com/Xib3rR4dAr/6aa9e730c1d030a5ee9f9d1eae6fbd5e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24574 – Simple Banner < 2.10.4 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24574
26 Jul 2021 — The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use a Cross-Site Scripting payload even when the unfiltered_html capability is disallowed. • https://plugins.trac.wordpress.org/changeset/2571047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •