Aggregates CVE and security vulnerability intelligence across all kanbanwp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to cross-site scripting; exposure may include session compromise in production workloads and software deployment contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-40606 | Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | [email protected] | 9.1 | 0.48% | 2023-12-29 | 2026-04-28 |
| CVE-2023-0873 | The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | [email protected] | 4.8 | 0.17% | 2023-06-27 | 2024-11-21 |
| CVE-2023-34368 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | [email protected] | 5.9 | 0.06% | 2023-06-22 | 2024-11-21 |
| CVE-2023-23884 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | [email protected] | 5.9 | 0.21% | 2023-05-09 | 2024-11-21 |