VYPR

Adminify

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-68593MedDec 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

  • CVE-2024-8959MedOct 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2023-4060MedSep 11, 2023
    risk 0.31cvss 4.8epss 0.00

    The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2025-68592MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

  • CVE-2026-1060MedJan 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing…