VYPR

Publishpress Future

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-5247MedMay 5, 2026
    risk 0.29cvss 5.5epss 0.00

    The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the…

  • CVE-2025-13741MedDec 16, 2025
    risk 0.21cvss 4.3epss 0.00

    The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including,…

  • CVE-2025-13149MedNov 21, 2025
    risk 0.21cvss 4.3epss 0.00

    The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up…