W4 Post List Project W4 Post List — known CVE vulnerabilities
Every CVE whose affected-product data names W4 Post List Project W4 Post List, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-1371 — CVSS 6.5 (medium): The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their…
CVE-2023-27413 — CVSS 6.5 (medium): Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
CVE-2023-1373 — CVSS 6.1 (medium): The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected…
CVE-2023-0374 — CVSS 5.4 (medium): The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a…