VYPR

Expand Maker

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-7467HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly…

  • CVE-2025-0810HigApr 5, 2025
    risk 0.42cvss 7.5epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to…

  • CVE-2026-7472MedMay 20, 2026
    risk 0.32cvss 4.9epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the…