Kylephillips Nested_pages
8 CVEs affecting Kylephillips Nested_pages. Latest disclosed: 2025-05-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-5943 | High | 8.8 | 2024-07-04 | The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorr… |
CVE-2021-38342 | High | 8.1 | 2021-08-30 | The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which a… |
CVE-2023-49195 | Medium | 5.9 | 2023-12-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue a… |
CVE-2024-8759 | Medium | 4.8 | 2025-05-15 | The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfo… |
CVE-2025-0718 | Medium | 4.8 | 2025-03-23 | The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors… |
CVE-2022-1990 | Medium | 4.8 | 2022-06-27 | The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored… |
CVE-2021-38343 | Medium | 4.7 | 2021-08-30 | The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSo… |
CVE-2023-2434 | Low | 3.8 | 2023-05-31 | The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, a… |