Wp Vr Security Vulnerabilities and Issues — Wp Vr CVE List

Lucene search

RexthemeWp Vr

4 matches found

CVE•added 2025/01/24 6:15 p.m.•48 views

CVE-2025-24730

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a through 8.5.14.

6.5CVSS6.5AI score0.00044EPSS

CVE•added 2023/04/17 1:15 p.m.•37 views

CVE-2023-1413

The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS6.1AI score0.00121EPSS

CVE•added 2024/01/08 7:15 p.m.•32 views

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

6.1CVSS6.3AI score0.0058EPSS

CVE•added 2025/06/28 4:15 a.m.•7 views

CVE-2025-6350

The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.5AI score0.00029EPSS