VYPR

Post Type Switcher

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-12524MedNov 18, 2025
    risk 0.35cvss 5.4epss 0.00

    The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to…