VYPR

Wpcasa

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-9321CriSep 23, 2025
    risk 0.57cvss 9.8epss 0.01

    The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary…

  • CVE-2025-62043MedMar 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.

  • CVE-2025-39575MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.

  • CVE-2024-53826MedDec 6, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in WPSight WPCasa wpcasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through <= 1.2.13.