VYPR

Simple Video Directory

by WordPress

CVEs (2)

  • CVE-2024-6809CriMay 15, 2025
    risk 0.64cvss 9.8epss 0.01

    The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

  • CVE-2024-5811MedJul 12, 2024
    risk 0.35cvss 5.4epss 0.00

    The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…