VYPR
Vendor

Wp Plugins

Products
10
CVEs
10
Across products
10
Status
Private

Products

10

Recent CVEs

10
  • CVE-2016-20082MedJun 15, 2026
    risk 0.40cvss 6.2epss 0.00

    WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the…

  • CVE-2023-4962MedJan 11, 2024
    risk 0.35cvss 6.4epss 0.00

    The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

  • CVE-2007-10003MedOct 29, 2023
    risk 0.34cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads…

  • CVE-2021-42547MedDec 13, 2021
    risk 0.31cvss 4.7epss 0.01

    Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.

  • CVE-2005-10002MedOct 29, 2023
    risk 0.29cvss 5.5epss 0.01

    A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to…

  • CVE-2015-10132LowApr 21, 2024
    risk 0.16cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can…

  • CVE-2014-125111LowApr 8, 2024
    risk 0.16cvss 3.5epss 0.00

    A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to…

  • CVE-2014-125110LowApr 1, 2024
    risk 0.16cvss 3.5epss 0.00

    A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack…

  • CVE-2015-10131LowMar 31, 2024
    risk 0.16cvss 3.5epss 0.00

    A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be…

  • CVE-2013-2693Apr 10, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors.