VYPR
Vendor

Valvepress

Products
5
CVEs
13
Across products
13
Status
Private

Products

5

Recent CVEs

13
  • CVE-2024-27956CriMar 21, 2024
    risk 0.75cvss 9.9epss 0.94

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

  • CVE-2021-4380CriJun 7, 2023
    risk 0.71cvss 9.8epss 0.05

    The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for…

  • CVE-2021-4374CriJun 7, 2023
    risk 0.69cvss 9.1epss 0.16

    The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to…

  • CVE-2024-27954CriMay 17, 2024
    risk 0.68cvss 9.3epss 0.73

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.

  • CVE-2024-27955HigMay 17, 2024
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.

  • CVE-2025-39510HigAug 14, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0.

  • CVE-2025-39486HigJun 17, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2.

  • CVE-2024-32693HigApr 22, 2024
    risk 0.49cvss 7.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0.

  • CVE-2025-39487HigJul 4, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2.

  • CVE-2025-6247MedAug 26, 2025
    risk 0.31cvss 4.7epss 0.00

    The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to…

  • CVE-2025-47534MedMay 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.

  • CVE-2025-39511MedMay 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.

  • CVE-2025-39493MedMay 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.