VYPR

Sp Blog Designer

by WordPress

Source repositories

CVEs (5)

  • CVE-2024-52498HigNov 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through <= 1.0.0.

  • CVE-2026-4859MedMay 12, 2026
    risk 0.42cvss 6.4epss 0.00

    The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2025-57990MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.

  • CVE-2022-4793MedJan 30, 2023
    risk 0.35cvss 5.4epss 0.01

    The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

  • CVE-2025-31606MedMar 31, 2025
    risk 0.31cvss 4.8epss 0.00

    Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Blog Designer: from n/a through <= 1.0.0.