VYPR
Vendor

Wpexperts

Products
14
CVEs
51
Across products
51
Status
Private

Products

14

Recent CVEs

51
View all 51 CVEs →
  • CVE-2023-6875CriJan 11, 2024
    risk 0.67cvss 9.8epss 0.90

    The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and…

  • CVE-2025-28898CriMar 26, 2025
    risk 0.60cvss 9.3epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.2.

  • CVE-2025-26974CriFeb 25, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.1.

  • CVE-2025-24000HigAug 7, 2025
    risk 0.57cvss 8.8epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0.

  • CVE-2019-25150HigJun 7, 2023
    risk 0.57cvss 8.8epss 0.01

    The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators.

  • CVE-2025-69063HigFeb 20, 2026
    risk 0.56cvss 8.6epss 0.00

    Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0.

  • CVE-2024-47338HigOct 6, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal WPExperts Square For GiveWP wpexperts-square-for-give allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through <= 1.3.

  • CVE-2024-52436HigNov 18, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal Post SMTP post-smtp allows Blind SQL Injection.This issue affects Post SMTP: from n/a through <= 2.9.9.

  • CVE-2024-31297HigApr 10, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.

  • CVE-2023-48742HigNov 30, 2023
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.

  • CVE-2025-63030HigDec 9, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3.

  • CVE-2025-58268HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.

  • CVE-2025-24680HigJan 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.

  • CVE-2024-27959HigMar 17, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and…

  • CVE-2026-27440MedFeb 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.

  • CVE-2024-1639MedJun 21, 2024
    risk 0.42cvss 6.5epss 0.00

    The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.6. This makes it possible for…

  • CVE-2023-47853MedNov 30, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges &…

  • CVE-2023-35096MedJul 17, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

  • CVE-2024-5207HigMay 30, 2024
    risk 0.40cvss 7.2epss 0.01

    The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the…

  • CVE-2023-7027HigJan 3, 2024
    risk 0.40cvss 7.2epss 0.01

    The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization…