VYPR

Category Posts Widget

by WordPress

CVEs (3)

  • CVE-2025-1453MedApr 24, 2025
    risk 0.31cvss 4.8epss 0.00

    The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-9638MedJan 7, 2025
    risk 0.31cvss 4.8epss 0.00

    The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-6158MedAug 12, 2024
    risk 0.31cvss 4.8epss 0.00

    The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which…