Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
0Vulnerabilities found
CVE-2025-24579
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.25%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9.

Action-Not Available
Vendor-Kyle Phillips
Product-Nested Pages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49195
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 33.92%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:39
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nested Pages Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

Action-Not Available
Vendor-kylephillipsKyle Phillips
Product-nested_pagesNested Pages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38342
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 18:05
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.

Action-Not Available
Vendor-kylephillipsKyle Phillips
Product-nested_pagesNested Pages
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38343
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 41.31%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 18:05
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nested Pages <= 3.1.15 Open Redirect

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.

Action-Not Available
Vendor-kylephillipsKyle Phillips
Product-nested_pagesNested Pages
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')