12 matches found
CVE-2025-67984
CVE-2025-67984 is a DOM-based XSS vulnerability in the WordPress plugin NPS computy (nps-computy), affecting versions up through and including 2.8.2. The connected Red Hat and CVE entries confirm the flaw is an input handling/neutralization issue during web page generation that enables cross-si...
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS. This issue affects NPS computy: from n/a through <= 2.8.2...
CVE-2024-1754
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-1755
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-11807
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-11807
CVE-2024-11807 – NPS computy (WordPress) vulnerability : The WordPress NPS computy plugin is affected by a Reflected Cross-Site Scripting flaw via the data1 and data2 parameters in all versions up to and including 2.8.0, caused by insufficient input sanitization and output escaping. The issue per...
WordPress NPS computy plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin NPS computy versions <= 2.8.0...
WordPress NPS computy plugin < 2.7.6 - Results Deletion via CSRF vulnerability
Results Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions < 2.7.6...
WordPress NPS computy plugin < 2.7.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions < 2.7.6...
PT-2024-18277 · WordPress · Nps Computy Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: NPS computy WordPress plugin versions 2.7.5 and earlier. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, i...
PT-2024-18278 · WordPress · Nps Computy Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: NPS computy WordPress plugin versions 2.7.5 and earlier. Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
NPS computy < 2.7.6 - Results Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. PoC: Make a logged in admin open the following: The result is that all existing poll responses are deleted...