Simple-press Simple:press — known CVE vulnerabilities
Every CVE whose affected-product data names Simple-press Simple:press, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-36706 — CVSS 9.8 (critical): The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in…
CVE-2022-4030 — CVSS 8.1 (high): The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which…
CVE-2022-4027 — CVSS 7.2 (high): The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum…
CVE-2022-4028 — CVSS 6.4 (medium): The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the…
CVE-2022-4029 — CVSS 4.7 (medium): The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]'…
CVE-2022-4031 — CVSS 3.8 (low): The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file'…