CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26731 – WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26731
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS.This issue affects ARPrice: from n/a through 4.1.3. The ARPrice plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages t... • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 2CVE-2024-49699 – WordPress ARPrice plugin <= 4.0.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49699
03 Jan 2025 — Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. • https://packetstorm.news/files/id/188671 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49666 – WordPress ARPrice plugin <= 4.0.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49666
03 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. The ARPrice plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, t... • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-49688 – WordPress ARPrice plugin <= 4.0.3 - Unauthenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49688
03 Jan 2025 — Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.0.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. • https://packetstorm.news/files/id/190151 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49700 – WordPress ARPrice plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49700
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3. The ARPrice - WordPress Pricing Table Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that ex... • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49655 – WordPress ARPrice plugin <= 4.0.3 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49655
03 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. The ARPrice plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into al... • https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •