50 matches found
WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin SecuPress Free versions = 2.2.5.3...
CVE-2025-30907
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...
CVE-2025-30907
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...
CVE-2025-30907
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3...
CVE-2025-30907
CVE-2025-30907 (SecuPress Free) is a DOM-based XSS vector in SecuPress Free for WordPress. Public details from connected sources confirm: vulnerable component is SecuPress Free (≤ 2.2.5.3) and the issue is an improper neutralization of input during web page generation leading to Cross‑Site Script...
CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...
CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...
WordPress plugin SecuPress Free 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin SecuPress Free versions = 2.2.5.3...
CVE-2024-9019
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-9019 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-9019 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-9019
CVE-2024-9019 concerns the SecuPress Free — WordPress Security plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the secupress_check_ban_ips_form shortcode, caused by insufficient input sanitization and output escaping. Affected versions are all up to and including 2.2.5.3....
PT-2025-9075 · WordPress · Secupress Free
Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress plugin SecuPress Free 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-1504
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...
CVE-2024-1504
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...
CVE-2024-1504 SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...
CVE-2024-1504 SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...
CVE-2024-1504
CVE-2024-1504 (Red Hat entry mirrors SecuPress Free WordPress Security plugin) is a CSRF vulnerability in SecuPress Free prior to or up to version 2.2.5.1. The root cause is missing or incorrect nonce validation in secupress_blackhole_ban_ip(), allowing unauthenticated attackers to forge a reques...