VYPR
Vendor

Pluginops

Products
4
CVEs
15
Across products
15
Status
Private

Products

4

Recent CVEs

15
  • CVE-2024-43345HigAug 19, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.This issue affects Landing Page Builder: from n/a through 1.5.2.0.

  • CVE-2024-34752HigMay 17, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.

  • CVE-2023-24379MedMay 17, 2024
    risk 0.44cvss 6.8epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through…

  • CVE-2024-51858MedNov 19, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Social Locker social-locker-content allows Stored XSS.This issue affects Social Locker: from n/a through <= 1.1.

  • CVE-2026-24620MedJan 23, 2026
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.4.

  • CVE-2024-31928MedApr 11, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS.This issue affects Top Bar: from n/a through 3.0.5.

  • CVE-2023-40675MedSep 27, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions.

  • CVE-2015-9425MedSep 26, 2019
    risk 0.35cvss 5.4epss 0.01

    The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.

  • CVE-2026-3645MedMar 21, 2026
    risk 0.34cvss 5.3epss 0.00

    The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the 'punnel_save_config' AJAX action, lacks any capability check (current_user_can()) and nonce…

  • CVE-2025-30581MedMar 24, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top Bar: from n/a through <= 3.3.

  • CVE-2023-48325MedDec 7, 2023
    risk 0.31cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress…

  • CVE-2022-2629MedOct 10, 2022
    risk 0.31cvss 4.8epss 0.01

    The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2025-62107MedDec 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page feather-login-page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through <= 1.1.7.

  • CVE-2025-12165MedDec 5, 2025
    risk 0.28cvss 4.3epss 0.00

    The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated…

  • CVE-2024-1660Apr 15, 2024
    risk 0.00cvss epss 0.00

    The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)