Vulnerabilidades em publishpress

19 resultados

CVE-2025-47496HIGHWordPress PublishPress Authors plugin <= 4.7.5 - Local File Inclusion VulnerabilityEPSS 0.6%CVE-2024-9215HIGHCo-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account TakeoverEPSS 0.5%CVE-2025-48332HIGHWordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion VulnerabilityEPSS 0.4%CVE-2024-11154MEDIUMPublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureEPSS 0.4%CVE-2024-9436MEDIUMPublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site ScriptingEPSS 0.4%CVE-2025-26886HIGHWordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerabilityEPSS 0.3%CVE-2025-14718MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow ManipulationEPSS 0.3%CVE-2026-25309HIGHWordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5247MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode AttributeEPSS 0.3%CVE-2026-32539CRITICALWordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerabilityEPSS 0.2%CVE-2025-13741MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails ExposureEPSS 0.2%CVE-2025-8588MEDIUMGutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-25330MEDIUMWordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69361MEDIUMWordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32394MEDIUMWordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13149MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status ModificationEPSS 0.2%CVE-2026-39482MEDIUMWordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-49032MEDIUMWordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-25322MEDIUMWordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%