VYPR

AR For Wordpress

by WordPress

Source repositories

CVEs (8)

  • CVE-2024-50496CriOct 28, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6.

  • CVE-2025-60156CriSep 26, 2025
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34.

  • CVE-2023-6946HigJan 29, 2024
    risk 0.57cvss 8.8epss 0.00

    The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

  • CVE-2025-26913MedFeb 25, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress ar-for-wordpress allows DOM-Based XSS.This issue affects AR For WordPress: from n/a through <= 7.7.

  • CVE-2025-12580MedNov 5, 2025
    risk 0.40cvss 6.1epss 0.00

    The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-0820MedMar 18, 2024
    risk 0.35cvss 5.4epss 0.00

    The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

  • CVE-2024-12300LowDec 13, 2024
    risk 0.24cvss 3.7epss 0.00

    The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to…

  • CVE-2025-9111Sep 9, 2025
    risk 0.00cvss epss 0.00

    The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…