VYPR

Correct Prices

by WordPress

CVEs (1)

  • CVE-2026-8627MedMay 20, 2026
    risk 0.40cvss 6.1epss 0.00

    The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_page() function echoing $_SERVER['PHP_SELF'] into a form's action attribute…