VYPR

Ap Background

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-9561HigOct 3, 2025
    risk 0.57cvss 8.8epss 0.01

    The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider() handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with…

  • CVE-2025-10165MedOct 3, 2025
    risk 0.42cvss 6.4epss 0.00

    The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adv_parallax_back' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2025-9897MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated…

  • CVE-2022-4652Mar 13, 2023
    risk 0.00cvss epss 0.01

    The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site…