VYPR

Custom Post Type

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-1623MedApr 24, 2023
    risk 0.42cvss 6.5epss 0.00

    The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.

  • CVE-2025-13142MedNov 21, 2025
    risk 0.28cvss 4.3epss 0.00

    The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the custom post type deletion functionality. This makes it possible for unauthenticated attackers to delete…