Aggregates CVE and security vulnerability intelligence across all apasionados-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk csrf, with potential vendor impact session compromise across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-47626 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 cf7-submission-dom-tracking allows Stored XSS.This issue affects Submission DOM tracking for Contact Form 7: from n/a through <= 2.1. | [email protected] | 5.9 | 0.15% | 2025-05-07 | 2026-04-23 |
| CVE-2025-47625 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Stored XSS.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1. | [email protected] | 5.9 | 0.15% | 2025-05-07 | 2026-04-23 |
| CVE-2025-47624 | Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1. | [email protected] | 4.3 | 0.09% | 2025-05-07 | 2026-04-23 |
| CVE-2023-49197 | Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2. | [email protected] | 4.3 | 0.17% | 2023-12-15 | 2026-04-28 |
| CVE-2022-38061 | Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | [email protected] | 6.2 | 0.53% | 2022-09-23 | 2025-02-20 |
| CVE-2022-38068 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. | [email protected] | 4.8 | 0.37% | 2022-09-09 | 2024-11-21 |
| CVE-2021-33851 | A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin. | [email protected] | 5.4 | 2.80% | 2022-03-10 | 2024-11-21 |