Stops Core Theme And Plugin Updates
by WordPress
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7660 | Med | 0.33 | 6.1 | 0.00 | May 28, 2026 | The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination() function. This makes it… | ||
| CVE-2019-15650 | Med | 0.28 | 4.3 | 0.01 | Aug 27, 2019 | The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. |
- risk 0.33cvss 6.1epss 0.00
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination() function. This makes it…
- risk 0.28cvss 4.3epss 0.01
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.