Kiboit Phastpress vulnerabilities
2 known vulnerabilities affecting kiboit/phastpress.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2025-14388 | P2 | CRITICAL | CVSS 9.8 | ≤ 3.7 | 2025-12-23
CVE-2025-14388 [CRITICAL] CWE-158 CVE-2025-14388: The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null by
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in `getExtensionForURL()` which operates on URL-decoded paths, and `appendNormalized()` which strips everything after a null byte b
nvd
CVE-2021-24210 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 1.111 | 2021-04-05
CVE-2021-24210 [MEDIUM] CWE-601 CVE-2021-24210: There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php
nvd