Zotpress

zotpress

Vendor: Katieseaborn • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7429 1Katieseaborn 1Zotpress Nov 8, 2024 Nov 5, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This mak...Show more The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.Show less
CVE-2024-30488 1Katieseaborn 1Zotpress Apr 23, 2026 Mar 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.
CVE-2023-46313 1Katieseaborn 1Zotpress Nov 21, 2024 Oct 31, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions.