VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Oct 09, 2024

CM Tooltip Glossary Vulnerabilities

Review known vulnerability records for the WordPress plugin CM Tooltip Glossary (`enhanced-tooltipglossary`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-48041, CVE-2024-43149 and CVE-2024-5026, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
0
Patch Coverage
100%
Last Updated
May 29, 2025
Priority CVE Quick Links

Fast paths into CM Tooltip Glossary CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2024-48041 Medium 4.3.11
CVE-2024-48041 CM Tooltip Glossary Stored Cross-Site Scripting

CM Tooltip Glossary <= 4.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-43149 Medium 4.3.9
CVE-2024-43149 CM Tooltip Glossary Stored Cross-Site Scripting

CM Tooltip Glossary <= 4.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2016-1000132 Medium 3.3.5
CVE-2016-1000132 CM Tooltip Glossary Cross-Site Scripting

CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting

CVE-2021-24678 Medium 3.9.21
CVE-2021-24678 CM Tooltip Glossary Stored Cross-Site Scripting

CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting

CVE-2024-5026 Medium 4.3.4
CVE-2024-5026 CM Tooltip Glossary Stored Cross-Site Scripting

CM Tooltip Glossary <= 4.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2024-4086 Medium 4.3.0
CVE-2024-4086 CM Tooltip Glossary Cross-Site Request Forgery

CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for CM Tooltip Glossary so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-48041, CVE-2024-43149 and CVE-2024-5026
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for CM Tooltip Glossary

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-48041
CVE-2024-48041: CM Tooltip Glossary <= 4.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

Published
Oct 09, 2024
Patched Release
4.3.11
Affected Versions
Versions up to 4.3.9
Next Step
Update to 4.3.11 or newer if supported.
Open CVE-2024-48041 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43149
CVE-2024-43149: CM Tooltip Glossary <= 4.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

Published
Aug 07, 2024
Patched Release
4.3.9
Affected Versions
Versions up to 4.3.7
Next Step
Update to 4.3.9 or newer if supported.
Open CVE-2024-43149 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5026
CVE-2024-5026: CM Tooltip Glossary <= 4.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra...

Published
May 01, 2024
Patched Release
4.3.4
Affected Versions
Versions up to 4.3.3
Next Step
Update to 4.3.4 or newer if supported.
Open CVE-2024-5026 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4086
CVE-2024-4086: CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery

The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated...

Published
Apr 24, 2024
Patched Release
4.3.0
Affected Versions
Versions up to 4.2.11
Next Step
Update to 4.3.0 or newer if supported.
Open CVE-2024-4086 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24678
CVE-2021-24678: CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting

The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.20 due to insufficient input sanitization and output escaping. It does not escape some glossary_tooltip shortcode attributes. This makes it possible for...

Published
Sep 06, 2021
Patched Release
3.9.21
Affected Versions
Versions before 3.9.21
Next Step
Update to 3.9.21 or newer if supported.
Open CVE-2021-24678 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2016-1000132
CVE-2016-1000132: CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting

Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.3.4 via the itemsnumber parameter.

Published
Oct 12, 2016
Patched Release
3.3.5
Affected Versions
Versions before 3.3.5
Next Step
Update to 3.3.5 or newer if supported.
Open CVE-2016-1000132 Report Open CVE Reference
Plugin Medium Patched: Yes
CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.1.3 - Reflected Cross-Site Scripting

The CM Tooltip Glossary – Better SEO and UEX for your WP site plugin for WordPress is vulnerable to reflected Cross-Site Scripting due to the use of add_query_arg/remove_query_arg without appropriate sanitization and escaping in versions up to, and including 3.1.3.

Published
Apr 22, 2015
Patched Release
3.1.4
Affected Versions
Versions up to 3.1.3
Next Step
Update to 3.1.4 or newer if supported.
Open Full Report