VYPR
Vendor

Wpmudev

Products
8
CVEs
49
Across products
50
Status
Private

Products

8

Recent CVEs

49
View all 49 CVEs →
  • CVE-2023-4596CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.13

    The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated…

  • CVE-2017-8558HigJun 29, 2017
    risk 0.57cvss 7.8epss 0.44

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703…

  • CVE-2026-39466HigApr 8, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <=…

  • CVE-2025-67962HigDec 16, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.

  • CVE-2024-0368HigMar 13, 2024
    risk 0.49cvss 8.6epss 0.01

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data…

  • CVE-2017-15079HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.03

    The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.

  • CVE-2024-1794HigApr 9, 2024
    risk 0.47cvss 7.2epss 0.01

    The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-29777HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through <= 1.29.0.

  • CVE-2026-6214MedMay 7, 2026
    risk 0.42cvss 6.5epss 0.00

    The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/class-export.php failing to perform a capability check before saving the scheduled…

  • CVE-2022-2438HigSep 6, 2022
    risk 0.40cvss 7.2epss 0.01

    The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a…

  • CVE-2024-37239MedJul 22, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling.This issue affects Branda: from n/a through <= 3.4.17.

  • CVE-2024-25592MedMar 15, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.

  • CVE-2023-6133MedNov 15, 2023
    risk 0.36cvss 6.6epss 0.01

    The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level…

  • CVE-2024-5191MedJun 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-3053MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output…

  • CVE-2023-51490MedJan 8, 2024
    risk 0.35cvss 5.3epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.

  • CVE-2026-32409MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.

  • CVE-2026-24998MedFeb 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.

  • CVE-2024-37444MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.01

    Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1.

  • CVE-2024-6554MedJul 11, 2024
    risk 0.34cvss 5.3epss 0.00

    The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it…