ByteOS Network

NaturaLife Extensions

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-25018

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 11.82%

7 Day CHG~0.00%

Published-25 Mar, 2026 | 16:14

Updated-28 Apr, 2026 | 16:14

WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.

Vendor-stmcan

Product-NaturaLife Extensions

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-25017

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.1||HIGH

EPSS-0.17% / 37.04%

7 Day CHG~0.00%

Published-25 Mar, 2026 | 16:14

Updated-28 Apr, 2026 | 16:14

WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through <= 2.1.

Vendor-stmcan

Product-NaturaLife Extensions

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')