VYPR

Xv Random Quotes

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-30971CriApr 1, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection.This issue affects XV Random Quotes: from n/a through <= 2.0.0.

  • CVE-2025-31903HigApr 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows Reflected XSS.This issue affects XV Random Quotes: from n/a through <= 2.0.0.

  • CVE-2024-13574HigMar 11, 2025
    risk 0.46cvss 7.1epss 0.00

    The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2024-13580MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack