ByteOS Network

Appsero Helper

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-39377

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.5||HIGH

EPSS-0.12% / 30.15%

7 Day CHG+0.06%

Published-24 Apr, 2025 | 16:08

Updated-12 May, 2026 | 00:12

WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper appsero-helper allows SQL Injection.This issue affects Appsero Helper: from n/a through <= 1.3.4.

Vendor-weDevs Pte. Ltd.

Product-Appsero Helper

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-13436

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.1||MEDIUM

EPSS-0.13% / 32.16%

7 Day CHG~0.00%

Published-11 Mar, 2025 | 03:22

Updated-15 Apr, 2026 | 00:35

Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-weDevs Pte. Ltd.

Product-Appsero Helper

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)