VYPR

Cornerstone

by WordPress

CVEs (7)

  • CVE-2024-32570 | High | Apr 18, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS. This issue affects Cornerstone: from n/a through 0.8.0.

  • CVE-2024-28002 | High | Mar 28, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS. This issue affects Cornerstone: from n/a through 0.8.0.

  • CVE-2025-63072 | Medium | Dec 9, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS. This issue affects Cornerstone: from n/a through <= 7.7.3.

  • CVE-2026-9710 | Jun 24, 2026
    risk 0.00 | cvss | epss 0.00

    The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens…

  • CVE-2026-9709 | Jun 24, 2026
    risk 0.00 | cvss | epss 0.00

    The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects…

  • CVE-2026-54185 | Jun 17, 2026
    risk 0.00 | cvss | epss 0.00

    Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

  • CVE-2026-49113 | Jun 16, 2026
    risk 0.00 | cvss | epss 0.00

    Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.