Estatik

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-26905	WordPress Estatik	Hig	0.49	7.5	0.01	Feb 25, 2025	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <= 4.3.0.
CVE-2025-62963	WordPress Estatik	Med	0.42	6.5	0.00	Oct 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.3.1.
CVE-2016-10959	WordPress Estatik		0.00	—	0.00	Sep 16, 2019	The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
CVE-2016-10958	WordPress Estatik		0.00	—	0.01	Sep 16, 2019	The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

CVE-2025-26905HigFeb 25, 2025
WordPress
Estatik
risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <= 4.3.0.
CVE-2025-62963MedOct 27, 2025
WordPress
Estatik
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.3.1.
CVE-2016-10959Sep 16, 2019
WordPress
Estatik
risk 0.00cvss —epss 0.00
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
CVE-2016-10958Sep 16, 2019
WordPress
Estatik
risk 0.00cvss —epss 0.01
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.