4 matches found
CVE-2022-4483
The CVE-2022-4483 entry concerns the Insert Pages WordPress plugin prior to version 3.7.5. The root cause is that the plugin does not validate and escape certain shortcode attributes before output, enabling stored XSS by users with a role as low as Contributor against high-privilege admins. A...
CVE-2021-24850
CVE-2021-24850 concerns the WordPress Insert Pages plugin (versions before 3.7.0). The vulnerability arises from a shortcode that can reveal other pages’ content and custom fields, enabling stored XSS when a user with as little as Contributor privileges embeds payloads in a post’s custom fields. ...
CVE-2017-18586
CVE-2017-18586 affects the WordPress plugin Insert Pages (pre-3.2.4). The vulnerability is a directory-traversal flaw via custom template paths, allowing access to unintended files. Affected versions are prior to 3.2.4; remediation is to upgrade to 3.2.4 or later (plugin page: insert-pages). If e...
CVE-2021-24851
CVE-2021-24851 applies to the WordPress Insert Pages plugin prior to 3.7.0. Affected component: Insert Pages plugin (WordPress). Root cause: insufficient access control allowing users with a role as low as Contributor to access content and metadata from arbitrary posts/pages, regardless of au...