VYPR

Cryptx

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-41564HigApr 23, 2026
    risk 0.42cvss 7.5epss 0.00

    CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it…

  • CVE-2025-13739MedDec 5, 2025
    risk 0.42cvss 6.4epss 0.00

    The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…