CVE-2024-5943

CVE-2024-5943 — The Nested Pages WordPress plugin is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.7. The issue arises from missing or incorrect nonce validation in the settingsPage function and missing sanitization of the tab parameter. This allows unauthenticated attackers ...

CVE-2022-1990

CVE-2022-1990 affects the WordPress Nested Pages plugin prior to version 3.1.21. The vulnerability arises because the plugin does not escape and sanitize certain settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed. Public sources across Red Hat, NVD, CNVD, OSV, and P...

CVE-2025-0718

CVE-2025-0718 affects the Nested Pages WordPress plugin up to 3.2.12 (vulnerability would be present before 3.2.13). It permits Stored XSS via unsanitised/unstable configuration settings, potentially abused by high-privilege users (e.g., contributors), even when unfiltered_html is disallowed. Roo...

CVE-2024-8759

CVE-2024-8759 affects the WordPress Nested Pages plugin (versions prior to 3.2.9). The issue arises from insufficient sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The root ...