CVE-2025-3452
- EPSS 0.16%
- Veröffentlicht 29.04.2025 08:21:44
- Zuletzt bearbeitet 06.05.2025 15:35:58
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9....
CVE-2025-30907
- EPSS 0.13%
- Veröffentlicht 27.03.2025 10:55:52
- Zuletzt bearbeitet 14.08.2025 01:28:50
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.
CVE-2024-9019
- EPSS 0.08%
- Veröffentlicht 28.02.2025 09:15:11
- Zuletzt bearbeitet 06.03.2025 16:36:34
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and...
CVE-2024-1504
- EPSS 0.13%
- Veröffentlicht 02.04.2024 06:15:12
- Zuletzt bearbeitet 15.08.2025 19:54:37
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function....