VYPR

Breaking News Wp

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-4280MedApr 22, 2026
    risk 0.42cvss 6.5epss 0.01

    The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when…

  • CVE-2025-31751MedApr 1, 2025
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in doit Breaking News WP breaking-news-wp allows Cross Site Request Forgery.This issue affects Breaking News WP: from n/a through <= 1.3.

  • CVE-2025-31750MedApr 1, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in doit Breaking News WP breaking-news-wp allows Stored XSS.This issue affects Breaking News WP: from n/a through <= 1.3.

  • CVE-2024-8056Sep 12, 2024
    risk 0.00cvss epss 0.00

    The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

  • CVE-2024-8054Sep 12, 2024
    risk 0.00cvss epss 0.00

    The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.