VYPR

Zotpress

by WordPress

CVEs (8)

  • CVE-2016-1000217CriOct 6, 2016
    risk 0.64cvss 9.8epss 0.06

    Zotpress plugin for WordPress SQLi in zp_get_account()

  • CVE-2024-30488HigMar 29, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.

  • CVE-2024-47621MedOct 5, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Zotpress zotpress allows Stored XSS.This issue affects Zotpress: from n/a through <= 7.3.10.

  • CVE-2024-34569MedMay 8, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.9.

  • CVE-2025-4666MedJun 11, 2025
    risk 0.35cvss 6.4epss 0.00

    The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-7429Nov 5, 2024
    risk 0.00cvss epss 0.00

    The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with…

  • CVE-2023-46313Oct 31, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions.

  • CVE-2023-32961Jun 12, 2023
    risk 0.00cvss epss 0.01

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.