VYPR

Ultimate Posts Widget

by Inisev

CVEs (3)

  • CVE-2023-3977 | Med | Jul 28, 2023
    risk 0.21 | cvss 4.3 | epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it…

  • CVE-2023-0958 | Med | Jul 28, 2023
    risk 0.21 | cvss 4.3 | epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for…

  • CVE-2024-0561 | Mar 11, 2024
    risk 0.00 | cvss | epss 0.00

    The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…