CVE-2025-6350 — CVSS 6.4 (medium): The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2023-1413 — CVSS 6.1 (medium): The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a…
CVE-2023-6529 — CVSS 6.1 (medium): The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users…
CVE-2023-0174 — CVSS 5.4 (medium): The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a…
CVE-2023-1414 — CVSS 4.3 (medium): The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow…
CVE-2023-25708 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7…