webinarpress 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk csrf, and vendor risk ssrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-62972 | Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28. | [email protected] | 4.3 | 0.05% | 2025-10-27 | 2026-04-27 |
| CVE-2025-47635 | Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery.This issue affects WebinarPress: from n/a through <= 1.33.28. | [email protected] | 5.5 | 0.23% | 2025-05-07 | 2026-04-23 |
| CVE-2025-32693 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28. | [email protected] | 4.7 | 0.26% | 2025-04-09 | 2026-04-23 |
| CVE-2025-31883 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Stored XSS.This issue affects WebinarPress: from n/a through <= 1.33.28. | [email protected] | 5.9 | 0.17% | 2025-04-01 | 2026-04-23 |
| CVE-2025-31882 | Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28. | [email protected] | 4.3 | 0.23% | 2025-04-01 | 2026-04-23 |
| CVE-2024-11271 | The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars. | [email protected] | 8.8 | 0.37% | 2025-01-08 | 2025-01-17 |
| CVE-2024-11270 | The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution. | [email protected] | 8.8 | 12.16% | 2025-01-08 | 2025-01-17 |
| CVE-2024-43339 | Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20. | [email protected] | 5.4 | 0.07% | 2024-08-26 | 2024-08-27 |