VYPR

Tinysalt

by WordPress

CVEs (2)

  • CVE-2024-13410CriMar 19, 2025
    risk 0.64cvss 9.8epss 0.01

    The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it…

  • CVE-2025-49454HigJun 10, 2025
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0.