VYPR

wp-publications

by WordPress

CVEs (2)

  • CVE-2021-38360HigSep 10, 2021
    risk 0.54cvss 8.3epss 0.02

    The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.

  • CVE-2024-11605MedDec 27, 2024
    risk 0.34cvss 4.8epss 0.01

    The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…