VYPR

Wpadverts

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-49878MedJun 17, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.4.

  • CVE-2025-47440HigMay 7, 2025
    risk 0.42cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue affects WPAdverts: from n/a through <= 2.2.2.

  • CVE-2024-10108HigOct 30, 2024
    risk 0.40cvss 7.2epss 0.00

    The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-40782MedJun 15, 2026
    risk 0.35cvss 6.5epss 0.00

    Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.

  • CVE-2025-54024MedJul 16, 2025
    risk 0.35cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.5.

  • CVE-2024-10890MedNov 21, 2024
    risk 0.33cvss 6.1epss 0.01

    The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for…

  • CVE-2024-37238MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.