This page lists publicly disclosed CVE vulnerabilities affecting hasthemes wp_plugin_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-64271 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7. | [email protected] | 4.3 | 0.01% | 2025-11-13 | 2026-04-27 |
| CVE-2023-1088 | The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | [email protected] | 4.3 | 0.11% | 2023-03-27 | 2025-02-19 |