VYPR

Terms Descriptions

by WordPress

Source repositories

CVEs (6)

  • CVE-2024-9374MedOct 24, 2024
    risk 0.40cvss 6.1epss 0.00

    The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject…

  • CVE-2026-24621MedJan 23, 2026
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.

  • CVE-2024-47336MedOct 6, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Stored XSS.This issue affects Terms descriptions: from n/a through <= 3.4.7.

  • CVE-2025-62139MedDec 31, 2025
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a through <= 3.4.10.

  • CVE-2025-6719MedJul 18, 2025
    risk 0.29cvss 4.4epss 0.00

    The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2023-28779Aug 10, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.