VYPR

Video Merchant

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-14390HigDec 10, 2025
    risk 0.57cvss 8.8epss 0.00

    The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5.0.4. This is due to missing or incorrect nonce validation on the video_merchant_add_video_file() function. This makes it possible for unauthenticated attackers to upload arbitrary…