Upress CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Upress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-9208	2 Upress, Wordpress	2 Enable Accessibility, Wordpress	2025-07-12	6.1 Medium
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2022-47149	1 Upress	1 Enable Accessibility	2025-01-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.
CVE-2023-30484	1 Upress	1 Enable Accessibility	2025-01-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions.

Page 1 of 1.