CVE-2025-3452
- EPSS 0.16%
- Veröffentlicht 29.04.2025 08:21:44
- Zuletzt bearbeitet 06.05.2025 15:35:58
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9....
CVE-2025-30907
- EPSS 0.13%
- Veröffentlicht 27.03.2025 10:55:52
- Zuletzt bearbeitet 01.04.2026 17:20:35
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.
CVE-2024-9019
- EPSS 0.15%
- Veröffentlicht 28.02.2025 09:15:11
- Zuletzt bearbeitet 08.04.2026 18:22:47
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and...
CVE-2024-1504
- EPSS 0.13%
- Veröffentlicht 02.04.2024 06:15:12
- Zuletzt bearbeitet 08.04.2026 18:20:41
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function....