Packagist (Composer) package
johnbillion/wp-crontrol
pkg:composer/johnbillion/wp-crontrol
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-8678 | Med | 5.9 | >= 1.17.0, < 1.19.2 | 1.19.2 | Aug 22, 2025 | The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitr | |
| CVE-2024-28850 | — | < 1.16.2 | 1.16.2 | Mar 25, 2024 | WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no k |
- affected >= 1.17.0, < 1.19.2fixed 1.19.2
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitr
- CVE-2024-28850Mar 25, 2024affected < 1.16.2fixed 1.16.2
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no k