Configurator

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-15440	WordPress Configurator	Hig	0.47	7.2	0.00		Feb 11, 2026	The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
CVE-2019-6858	WordPress Configurator		0.00	—	0.00		Jan 22, 2020	A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.

CVE-2025-15440HigFeb 11, 2026
WordPress
Configurator
risk 0.47cvss 7.2epss 0.00
The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
CVE-2019-6858Jan 22, 2020
WordPress
Configurator
risk 0.00cvss —epss 0.00
A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.