Vulnerabilities in 10up

11 results

CVE-2023-32798MEDIUMWordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-48753MEDIUMWordPress Restricted Site Access plugin <= 7.4.1 - IP Restriction Bypass vulnerabilityEPSS 0.4%CVE-2024-10786MEDIUMSimple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache ClearingEPSS 0.3%CVE-2021-4405MEDIUMElasticPress <= 3.5.3 - Cross-Site Request Forgery BypassEPSS 0.3%CVE-2025-10749MEDIUMMicrosoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media DeletionEPSS 0.2%CVE-2026-5028MEDIUMEight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' ParameterEPSS 0.2%CVE-2025-8482MEDIUMSimple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar MigrationEPSS 0.2%CVE-2025-67621MEDIUMWordPress Eight Day Week Print Workflow plugin <= 1.2.5 - Sensitive Data Exposure vulnerabilityEPSS 0.2%CVE-2026-25311MEDIUMWordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-43116MEDIUMWordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-35684MEDIUMWordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%