VYPR

Pgs Core

by WordPress

CVEs (4)

  • CVE-2025-0855CriMay 6, 2025
    risk 0.64cvss 9.8epss 0.01

    The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP…

  • CVE-2025-60118HigSep 26, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0.

  • CVE-2025-0853HigMay 6, 2025
    risk 0.49cvss 7.5epss 0.00

    The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2025-0856HigMay 6, 2025
    risk 0.47cvss 7.3epss 0.00

    The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or…