Valvepress
Products
5- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27956 | Cri | 0.75 | 9.9 | 0.94 | Mar 21, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. | ||
| CVE-2021-4380 | Cri | 0.71 | 9.8 | 0.05 | Jun 7, 2023 | The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for… | ||
| CVE-2021-4374 | Cri | 0.69 | 9.1 | 0.16 | Jun 7, 2023 | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-27954 | Cri | 0.68 | 9.3 | 0.73 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | ||
| CVE-2024-27955 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | ||
| CVE-2025-39510 | Hig | 0.55 | 8.5 | 0.00 | Aug 14, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0. | ||
| CVE-2025-39486 | Hig | 0.55 | 8.5 | 0.00 | Jun 17, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2. | ||
| CVE-2024-32693 | Hig | 0.49 | 7.6 | 0.00 | Apr 22, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0. | ||
| CVE-2025-39487 | Hig | 0.46 | 7.1 | 0.00 | Jul 4, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2. | ||
| CVE-2025-6247 | Med | 0.31 | 4.7 | 0.00 | Aug 26, 2025 | The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to… | ||
| CVE-2025-47534 | Med | 0.28 | 4.3 | 0.00 | May 16, 2025 | Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0. | ||
| CVE-2025-39511 | Med | 0.28 | 4.3 | 0.00 | May 16, 2025 | Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0. | ||
| CVE-2025-39493 | Med | 0.28 | 4.3 | 0.00 | May 16, 2025 | Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2. |
- risk 0.75cvss 9.9epss 0.94
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
- risk 0.71cvss 9.8epss 0.05
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for…
- risk 0.69cvss 9.1epss 0.16
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to…
- risk 0.68cvss 9.3epss 0.73
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2.
- risk 0.49cvss 7.6epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2.
- risk 0.31cvss 4.7epss 0.00
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.