VYPR

Replyable

by WordPress

CVEs (1)

  • CVE-2022-4265HigMar 6, 2023
    risk 0.57cvss 8.8epss 0.01

    The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber…