Omnipress
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24538 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.7. | ||
| CVE-2024-49278 | Hig | 0.46 | 7.1 | 0.00 | Oct 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.4.3. | ||
| CVE-2026-25432 | Med | 0.42 | 6.5 | 0.00 | Feb 19, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7. | ||
| CVE-2025-12163 | Med | 0.42 | 6.4 | 0.00 | Dec 5, 2025 | The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level… | ||
| CVE-2025-53276 | Med | 0.42 | 6.5 | 0.00 | Jun 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows DOM-Based XSS.This issue affects Omnipress: from n/a through <= 1.6.4. | ||
| CVE-2024-13407 | 0.00 | — | 0.00 | Mar 14, 2025 | The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level… |
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.7.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.4.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.
- risk 0.42cvss 6.4epss 0.00
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows DOM-Based XSS.This issue affects Omnipress: from n/a through <= 1.6.4.
- CVE-2024-13407Mar 14, 2025risk 0.00cvss —epss 0.00
The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level…