Wp Latest Posts
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4135 | Med | 0.28 | 5.4 | 0.00 | May 8, 2024 | The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a… | ||
| CVE-2026-9620 | 0.00 | — | — | Jun 24, 2026 | The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field() and loop() functions, which extract the raw… | |||
| CVE-2016-10913 | 0.00 | — | 0.01 | Aug 20, 2019 | The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. |
- risk 0.28cvss 5.4epss 0.00
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a…
- CVE-2026-9620Jun 24, 2026risk 0.00cvss —epss —
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field() and loop() functions, which extract the raw…
- CVE-2016-10913Aug 20, 2019risk 0.00cvss —epss 0.01
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.