VYPR

Image Editor By Pixo

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-58232MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through <= 2.3.8.

  • CVE-2025-5588MedJun 26, 2025
    risk 0.35cvss 6.4epss 0.00

    The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…