VYPR

Cozystay

by WordPress

CVEs (2)

  • CVE-2025-49507CriJun 10, 2025
    risk 0.64cvss 9.8epss 0.01

    Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through < 1.7.1.

  • CVE-2024-13412HigMar 19, 2025
    risk 0.49cvss 7.5epss 0.00

    The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.