VYPR

Workscout Core

by WordPress

CVEs (5)

  • CVE-2025-59572HigSep 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06.

  • CVE-2025-67960HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.

  • CVE-2025-59571HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through < 1.7.06.

  • CVE-2026-52716Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

  • CVE-2021-24246May 5, 2021
    risk 0.00cvss epss 0.01

    The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues