VYPR

Boost

by WordPress

CVEs (2)

  • CVE-2026-7637CriMay 20, 2026
    risk 0.64cvss 9.8epss 0.01

    The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known…

  • CVE-2026-9010HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL…