VYPR

Rest API To Miniprogram

by WordPress

CVEs (4)

  • CVE-2024-8484 | High | Sep 25, 2024
    risk 0.49 | CVSS 7.5 | EPSS 0.04

    The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied…

  • CVE-2023-0551 | Medium | Aug 16, 2023
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments.

  • CVE-2026-3460 | Medium | Mar 21, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback (update_user_wechatshop_info_permissions_check) only validating that the supplied 'openid'…

  • CVE-2025-28886 | Medium | Mar 11, 2025
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2.