Codepress Vulnerabilities
Comprehensive security vulnerability database for Codepress products
2
2
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2022-4656 | 5.4 | This vulnerability allows an attacker with a low-level user role, like a contributor, to inject malicious scripts into the website, potentially leading to unauthorized actions or data theft. It occurs because the plugin fails to properly check and clean up certain inputs, making it easier for attackers to exploit. | codepressvisitor statistics | Exploit Available | about 3 years agoFeb 13, 2023 |
| CVE-2021-25042 | 5.4 | This vulnerability allows an attacker to add any IP address to the exclusion list of the WP Visitor Statistics plugin, potentially blocking legitimate traffic. It requires the attacker to be an authenticated user or to trick a logged-in user into executing the action, and it could also lead to malicious scripts being run in the admin area due to poor input handling. | codepressvisitor statistics | Theoretical | about 4 years agoFeb 28, 2022 |
About Codepress Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Codepress products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.