Kylephillips Nested_pages

8 CVEs affecting Kylephillips Nested_pages. Latest disclosed: 2025-05-15. Critical: 0, High: 2.

Top CVEs affecting Kylephillips Nested_pages
CVESeverityScorePublishedSummary
CVE-2024-5943High8.82024-07-04The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorr…
CVE-2021-38342High8.12021-08-30The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which a…
CVE-2023-49195Medium5.92023-12-14Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue a…
CVE-2024-8759Medium4.82025-05-15The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfo…
CVE-2025-0718Medium4.82025-03-23The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors…
CVE-2022-1990Medium4.82022-06-27The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored…
CVE-2021-38343Medium4.72021-08-30The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSo…
CVE-2023-2434Low3.82023-05-31The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, a…