aviplugins.com
Products
4- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5448 | Hig | 0.57 | 8.8 | 0.00 | Jan 11, 2024 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for… | ||
| CVE-2025-32562 | Hig | 0.46 | 7.1 | 0.00 | Apr 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll wp-easy-poll-afo allows Reflected XSS.This issue affects WP Easy Poll: from n/a through <= 2.2.9. | ||
| CVE-2025-31384 | Hig | 0.46 | 7.1 | 0.00 | Apr 4, 2025 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5. | ||
| CVE-2025-62907 | Med | 0.42 | 6.5 | 0.00 | Oct 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Custom Post Type Attachment custom-post-type-pdf-attachment allows Stored XSS.This issue affects Custom Post Type Attachment: from n/a through <= 3.4.6. | ||
| CVE-2025-50042 | Med | 0.42 | 6.5 | 0.00 | Jun 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS.This issue affects WP Register Profile With Shortcode: from n/a through <=… | ||
| CVE-2023-23818 | Med | 0.38 | 5.9 | 0.00 | Jun 12, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions. |
- risk 0.57cvss 8.8epss 0.00
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll wp-easy-poll-afo allows Reflected XSS.This issue affects WP Easy Poll: from n/a through <= 2.2.9.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Custom Post Type Attachment custom-post-type-pdf-attachment allows Stored XSS.This issue affects Custom Post Type Attachment: from n/a through <= 3.4.6.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS.This issue affects WP Register Profile With Shortcode: from n/a through <=…
- risk 0.38cvss 5.9epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.