Vendor

loopus

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-58956	loopus WP Attractive Donations System	Hig	0.46	7.1	Sep 22, 2025	Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < 1.29.
CVE-2025-60155	loopus WP Virtual Assistant	Med	0.34	5.3	Sep 26, 2025	Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Virtual Assistant: from n/a through <= 3.0.
CVE-2025-31921	loopus WP Ultimate Tours Builder	Med	0.28	4.3	May 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
CVE-2024-35737	loopus WP Visitors Tracker		0.00	—	Jun 8, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.

CVE-2025-58956HigSep 22, 2025
loopus
WP Attractive Donations System
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < 1.29.
CVE-2025-60155MedSep 26, 2025
loopus
WP Virtual Assistant
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Virtual Assistant: from n/a through <= 3.0.
CVE-2025-31921MedMay 16, 2025
loopus
WP Ultimate Tours Builder
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
CVE-2024-35737Jun 8, 2024
loopus
WP Visitors Tracker
risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.