VYPR

Open Brain

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-4091MedApr 15, 2026
    risk 0.40cvss 6.1epss 0.00

    The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func_page_main() function. This makes it possible for unauthenticated attackers to…

  • CVE-2026-3995MedApr 16, 2026
    risk 0.29cvss 4.4epss 0.00

    The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() which strips…