VYPR

Custom Post Type UI

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-12826MedDec 4, 2025
    risk 0.24cvss 4.8epss 0.00

    The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui_process_post_type" function. This…

  • CVE-2025-14056MedDec 13, 2025
    risk 0.22cvss 4.4epss 0.00

    The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all versions up to, and including, 1.18.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-1623Apr 24, 2023
    risk 0.00cvss epss 0.00

    The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.