VYPR

Wp Last Modified Info

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-52756HigOct 22, 2025
    risk 0.41cvss 7.4epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.4.

  • CVE-2025-62968MedOct 27, 2025
    risk 0.35cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.

  • CVE-2024-6864MedAug 20, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2025-14608MedFeb 14, 2026
    risk 0.27cvss 5.3epss 0.00

    The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk_save' AJAX action. This…