Wpadverts
by WordPress
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49878 | Med | 0.42 | 6.5 | 0.00 | Jun 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.4. | ||
| CVE-2025-47440 | Hig | 0.42 | 7.5 | 0.01 | May 7, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue affects WPAdverts: from n/a through <= 2.2.2. | ||
| CVE-2024-10108 | Hig | 0.40 | 7.2 | 0.00 | Oct 30, 2024 | The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2026-40782 | Med | 0.35 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||
| CVE-2025-54024 | Med | 0.35 | 6.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.5. | ||
| CVE-2024-10890 | Med | 0.33 | 6.1 | 0.01 | Nov 21, 2024 | The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for… | ||
| CVE-2024-37238 | Med | 0.28 | 4.3 | 0.00 | Jan 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2. |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.4.
- risk 0.42cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue affects WPAdverts: from n/a through <= 2.2.2.
- risk 0.40cvss 7.2epss 0.00
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.5epss 0.00
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
- risk 0.35cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.5.
- risk 0.33cvss 6.1epss 0.01
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.