VYPR

Wp Plugin Info Card

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-31835MedApr 1, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card wp-plugin-info-card allows DOM-Based XSS.This issue affects WP Plugin Info Card: from n/a through <= 5.3.0.

  • CVE-2025-5116MedJun 3, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2026-2023MedFeb 18, 2026
    risk 0.28cvss 4.3epss 0.00

    The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_plugin() function, which is disabled by prefixing the check with 'false &&'. This…