VYPR

Wpnakama

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-2495HigFeb 18, 2026
    risk 0.49cvss 7.5epss 0.00

    The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to…

  • CVE-2025-14068HigDec 12, 2025
    risk 0.49cvss 7.5epss 0.00

    The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…