cbcvebase.

Oooorgle Quotes Llama vulnerabilities

4 known vulnerabilities affecting oooorgle/quotes_llama.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2026-56062P2CRITICALCVSS 9.3≥ n/a, ≤ 3.1.52026-06-26
CVE-2026-56062 [CRITICAL] CWE-89 CVE-2026-56062: Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
nvd
CVE-2024-10874P4MEDIUMCVSS 6.4≤ 3.0.02024-11-23
CVE-2024-10874 [MEDIUM] CWE-79 CVE-2024-10874: The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to
nvd
CVE-2025-27307P4MEDIUMCVSS 6.5≤ 3.0.12025-02-24
CVE-2025-27307 [MEDIUM] CWE-79 CVE-2025-27307: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows Reflected XSS.This issue affects Quotes llama: from n/a through <= 3.0.1.
nvd
CVE-2025-30786P4MEDIUMCVSS 6.5≤ 3.1.02025-03-27
CVE-2025-30786 [MEDIUM] CWE-79 CVE-2025-30786: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows DOM-Based XSS.This issue affects Quotes llama: from n/a through <= 3.1.0.
nvd
Oooorgle Quotes Llama vulnerabilities | cvebase