8 matches found
CVE-2024-5943
CVE-2024-5943 — The Nested Pages WordPress plugin is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.7. The issue arises from missing or incorrect nonce validation in the settingsPage function and missing sanitization of the tab parameter. This allows unauthenticated attackers ...
CVE-2022-1990
CVE-2022-1990 affects the WordPress Nested Pages plugin prior to version 3.1.21. The vulnerability arises because the plugin does not escape and sanitize certain settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed. Public sources across Red Hat, NVD, CNVD, OSV, and P...
CVE-2025-0718
CVE-2025-0718 affects the Nested Pages WordPress plugin up to 3.2.12 (that is, versions before 3.2.13). It permits Stored XSS via unsanitised/unstable configuration settings, potentially abused by high-privilege users (e.g., contributors), even when unfiltered_html is disallowed. Roo...
CVE-2023-49195
CVE-2023-49195 affects WordPress Nested Pages plugin
CVE-2021-38343
The CVE-2021-38343 vulnerability affects the Nested Pages WordPress plugin
CVE-2021-38342
CVE-2021-38342 (Nested Pages WordPress plugin
CVE-2023-2434
CVE-2023-2434 affects Nested Pages (WordPress) up to version 3.2.3. A missing capability check in the reset function allows an authenticated user with editor-level permissions or higher to reset plugin settings, causing unauthorized data loss. The impact is described as data loss risk with low CV...
CVE-2024-8759
CVE-2024-8759 affects the WordPress Nested Pages plugin (versions prior to 3.2.9). The issue arises from insufficient sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The root ...