WordPress LifePress plugin <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin LifePress versions = 2.2.2...

EUVD-2026-29406

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

CVE-2026-6690

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

CVE-2026-6690

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

PT-2026-39961

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp update mds AJAX action in all versions up to, and including, 2.2.2. This is due to the wp ajax nopriv lp update mds action being registered without nonce verification or capability...

CVE-2026-24563 WordPress LifePress plugin <= 2.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through = 2.2.1...

WordPress LifePress plugin <= 2.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin LifePress versions = 2.2.1...

CVE-2025-53337

CVE-2025-53337 corresponds to a Missing Authorization/Broken Access Control vulnerability in LifePress WordPress plugin (versions up to 2.1.3). The issue arises from incorrectly configured access control security levels, enabling unauthorized access. Public details in Patchstack and Red Hat/other...

CVE-2025-53337 WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3...

CVE-2025-53337 WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through = 2.1.3...