VYPR

Wp Promoter

by WordPress

CVEs (2)

  • CVE-2026-8906MedMay 27, 2026
    risk 0.40cvss 6.1epss 0.00

    The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject…

  • CVE-2026-9014MedMay 27, 2026
    risk 0.34cvss 5.3epss 0.00

    The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_stats() function in versions up to, and including, 1.3. The function is hooked to both the wp_ajax_wpp-reset_stats and…