VYPR

Title Experiments Free

by WordPress

CVEs (3)

  • CVE-2022-0784CriMar 28, 2022
    risk 0.65cvss 9.8epss 0.10

    The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection

  • CVE-2025-22561MedJan 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in kbowson Title Experiments Free wp-experiments-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through <= 9.0.4.

  • CVE-2025-22562MedJan 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <= 9.0.4.