VYPR

Wp Abstracts

by WordPress

CVEs (8)

  • CVE-2025-48338HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion.This issue affects WP Abstracts: from n/a through <= 2.7.4.

  • CVE-2025-32591HigApr 9, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Cross Site Request Forgery.This issue affects WP Abstracts: from n/a through <= 2.7.5.

  • CVE-2024-12386HigFeb 12, 2025
    risk 0.46cvss 8.1epss 0.00

    The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a…

  • CVE-2023-29385HigJun 12, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.

  • CVE-2024-50411MedOct 29, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects WP Abstracts: from n/a through <= 2.7.1.

  • CVE-2024-44045MedOct 6, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects WP Abstracts: from n/a through <= 2.6.5.

  • CVE-2023-28692MedAug 30, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.

  • CVE-2024-12385MedJan 18, 2025
    risk 0.33cvss 6.1epss 0.00

    The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for…