VYPR

Read More & Accordion

by WordPress

CVEs (3)

  • CVE-2023-3392HigOct 16, 2023
    risk 0.47cvss 7.2epss 0.01

    The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

  • CVE-2025-0810HigApr 5, 2025
    risk 0.42cvss 7.5epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-13639MedFeb 13, 2025
    risk 0.21cvss 4.3epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with…