VYPR

Stops Core Theme And Plugin Updates

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-7660MedMay 28, 2026
    risk 0.33cvss 6.1epss 0.00

    The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination() function. This makes it…

  • CVE-2019-15650MedAug 27, 2019
    risk 0.28cvss 4.3epss 0.01

    The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.