VYPR
Vendor

Scriptsbundle

Products
5
CVEs
7
Across products
7
Status
Private

Products

5

Recent CVEs

7
  • CVE-2025-54686CriAug 14, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through <= 1.3.2.

  • CVE-2025-49402HigAug 28, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.

  • CVE-2024-13373HigMar 1, 2025
    risk 0.53cvss 8.1epss 0.00

    The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the…

  • CVE-2025-69317HigJan 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.

  • CVE-2025-58259HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4.

  • CVE-2024-12860Feb 18, 2025
    risk 0.00cvss epss 0.00

    The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This…

  • CVE-2025-0169Feb 8, 2025
    risk 0.00cvss epss 0.00

    The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

VYPR — Vulnerability Intelligence