VYPR

JS Archive List

by WordPress

CVEs (3)

  • CVE-2025-54726CriAug 20, 2025
    risk 0.61cvss 9.3epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6.

  • CVE-2026-2020HigMar 7, 2026
    risk 0.49cvss 7.5epss 0.00

    The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's…

  • CVE-2025-7670HigAug 19, 2025
    risk 0.49cvss 7.5epss 0.00

    The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…