VYPR

Verowa Connect

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-32676HigApr 9, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects Verowa Connect: from n/a through <= 3.0.5.

  • CVE-2024-11460HigDec 6, 2024
    risk 0.49cvss 7.5epss 0.01

    The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2025-58257MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Stored XSS.This issue affects Verowa Connect: from n/a through <= 3.2.3.