Aggregates CVE and security vulnerability intelligence across all landing_pages_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-4065 | Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. | [email protected] | 3.5 | 3.91% | 2015-05-27 | 2026-06-16 |
| CVE-2015-4064 | SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. | [email protected] | 6.5 | 3.75% | 2015-05-27 | 2026-06-16 |
| CVE-2013-6243 | SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | [email protected] | 7.5 | 2.49% | 2013-10-23 | 2026-06-16 |