CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22709 – WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22709
15 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0. The Verge3D plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully t... • https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-publishing-and-e-commerce-plugin-4-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51420 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-51420
29 Dec 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en Soft8Soft LLC Verge3D Publishing and E-Commerce. Este problema afecta a Verge3D Publishing and E-Commerce: desde n/a hasta 4.5.2. • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51421 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51421
27 Dec 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Soft8Soft LLC Verge3D Publishing and E-Commerce. Este problema afecta a Verge3D Publishing and E-Commerce: desde n/a hasta 4.5.2. The Verge3D Publishing and E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing f... • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •