Wpsight Wpcasa vulnerabilities
4 known vulnerabilities affecting wpsight/wpcasa.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-9321P2CRITICALCVSS 9.8≤ 1.4.12025-09-23
CVE-2025-9321 [CRITICAL] CWE-94 CVE-2025-9321: The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code.
nvd
CVE-2024-53826P4MEDIUMCVSS 5.3≤ 1.2.132024-12-06
CVE-2024-53826 [MEDIUM] CWE-862 CVE-2024-53826: Missing Authorization vulnerability in WPSight WPCasa wpcasa allows Accessing Functionality Not Prop
Missing Authorization vulnerability in WPSight WPCasa wpcasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through <= 1.2.13.
nvd
CVE-2025-39575P4MEDIUMCVSS 6.5≤ 1.3.22025-04-16
CVE-2025-39575 [MEDIUM] CWE-79 CVE-2025-39575: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.
nvd
CVE-2025-62043P4MEDIUMCVSS 6.5≥ n/a, ≤ 1.4.12026-03-19
CVE-2025-62043 [MEDIUM] CWE-79 CVE-2025-62043: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.
nvd