Kyle Phillips Nested Pages vulnerabilities

4 known vulnerabilities affecting kyle_phillips/nested_pages.

Total CVEs

4

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM2UNKNOWN1

Vulnerabilities

Page 1 of 1

CVE-2025-24579UNKNOWN≤ 3.2.92025-01-24

CVE-2025-24579 CWE-79 CVE-2025-24579: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS.This issue affects Nested Pages: from n/a through <= 3.2.9.

CVE-2023-49195MEDIUMCVSS 4.8≥ n/a, ≤ 3.2.62023-12-14

CVE-2023-49195 [MEDIUM] CWE-79 CVE-2023-49195: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

CVE-2021-38342HIGHCVSS 8.1≥ 3.1.15, ≤ 3.1.152021-08-30

CVE-2021-38342 [HIGH] CWE-352 CVE-2021-38342: The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `np The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.

CVE-2021-38343MEDIUMCVSS 6.1≥ 3.1.15, ≤ 3.1.152021-08-30

CVE-2021-38343 [MEDIUM] CWE-601 CVE-2021-38343: The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST p The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.