GCVE - cpe:2.3:a:wpzoom:wpzoom_portfolio:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wpzoom:wpzoom_portfolio:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Wpzoom (`41ecada1-7571-5859-ba6a-0d847e9d0d4f`)
Product	Wpzoom Portfolio (`f9e3e2c9-1959-517b-9266-b0009985122a`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wpzoom/wpzoom-portfolio`	purl2cpe	2026-06-01 10:11:40.035544

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-8276`	vulnerable	2026-06-03 14:58:17.665910	WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute MEDIUM (6.4) The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-08-31T07:36:54.206Z Updated: 2026-04-08T16:44:24.418Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7d5503-0a6e-4611-bb7c-b2871be828be?source=cve https://plugins.trac.wordpress.org/browser/wpzoom-portfolio/trunk/build/blocks/portfolio-layouts/index.php#L63 https://wordpress.org/plugins/wpzoom-portfolio/#developers https://plugins.trac.wordpress.org/changeset/3144394	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4789`	vulnerable	2026-06-03 14:48:42.051402	WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: 2023-01-23T14:31:35.579Z Updated: 2025-04-02T15:45:53.211Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/5e816e9a-84e5-42d2-a7ff-e46be9072278	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.