VYPR

Companion Auto Update

by WordPress

Source repositories

CVEs (3)

  • CVE-2018-20973CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.

  • CVE-2018-20972HigAug 16, 2019
    risk 0.57cvss 8.8epss 0.01

    The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.

  • CVE-2025-4369MedJul 15, 2025
    risk 0.29cvss 5.5epss 0.00

    The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_delay_days’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…