Secupress Security Vulnerabilities and Issues — Secupress CVE List

Lucene search

SecupressSecupress

4 matches found

CVE•added 2025/04/29 9:15 a.m.•49 views

CVE-2025-3452

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attacke...

4.3CVSS6.6AI score0.00037EPSS

CVE•added 2024/04/02 6:15 a.m.•47 views

CVE-2024-1504

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attac...

4.3CVSS8.9AI score0.00125EPSS

CVE•added 2025/03/27 11:15 a.m.•45 views

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.

6.5CVSS7AI score0.00052EPSS

CVE•added 2025/02/28 9:15 a.m.•41 views

CVE-2024-9019

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.8AI score0.00031EPSS