wpshopmart CVE Vulnerabilities & CVE List (8)

Products (CPE): — CVEs: 8

wpshopmart vulnerability overview

Aggregates CVE and security vulnerability intelligence across all wpshopmart-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 18 of 8 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-1136 The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content. [email protected] 5.3 0.46% 2024-02-28 2026-06-17
CVE-2019-25140 The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. [email protected] 7.2 0.77% 2023-06-06 2026-06-16
CVE-2019-25139 The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. [email protected] 6.5 0.81% 2023-06-06 2026-06-16
CVE-2021-36857 Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. [email protected] 4.8 0.46% 2022-08-22 2026-06-16
CVE-2022-1298 The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed [email protected] 4.8 0.56% 2022-05-23 2026-06-17
CVE-2021-24598 The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed [email protected] 4.8 0.65% 2021-11-17 2026-06-16
CVE-2021-24191 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. [email protected] 8.8 1.31% 2021-05-14 2026-06-16
CVE-2018-5312 The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. [email protected] 5.4 0.61% 2018-01-09 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence