Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

publishpress — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting publishpress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by publishpress:PublishPress AuthorsSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesPublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content ChangesGutenberg BlocksPost ExpiratorPublishPress RevisionsCo-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress AuthorsPublishPress Blocks – Block Controls, Block Visibility, Block PermissionsPublishPress Capabilities
CVE IDTitleCVSSSeverityPublished
CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability — Post ExpiratorCWE-79 5.4AIMediumAI2026-04-08
CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability — PublishPress RevisionsCWE-89 9.8 -2026-03-25
CVE-2026-25309 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability — PublishPress AuthorsCWE-862 7.5 High2026-03-25
CVE-2026-32394 WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability — PublishPress CapabilitiesCWE-862 8.2 -2026-03-13
CVE-2026-25330 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability — PublishPress AuthorsCWE-862 4.3 Medium2026-02-19
CVE-2026-25322 WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability — PublishPress RevisionsCWE-352 5.4 Medium2026-02-19
CVE-2025-14718 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862 5.4 Medium2026-01-09
CVE-2025-69361 WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability — Post ExpiratorCWE-862 4.3 Medium2026-01-06
CVE-2025-13741 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862 4.3 Medium2025-12-16
CVE-2025-13149 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862 4.3 Medium2025-11-21
CVE-2025-8588 Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — PublishPress Blocks – Block Controls, Block Visibility, Block PermissionsCWE-79 6.4 Medium2025-10-25
CVE-2025-48332 WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability — Gutenberg BlocksCWE-98 7.5 High2025-08-14
CVE-2025-49032 WordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability — Gutenberg BlocksCWE-79 6.5 Medium2025-07-03
CVE-2025-47496 WordPress PublishPress Authors plugin <= 4.7.5 - Local File Inclusion Vulnerability — PublishPress AuthorsCWE-98 7.5 High2025-05-07
CVE-2025-26886 WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability — PublishPress AuthorsCWE-89 7.6 High2025-03-15
CVE-2024-11154 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content ChangesCWE-862 4.3 Medium2024-11-20
CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover — Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress AuthorsCWE-639 8.8 High2024-10-17
CVE-2024-9436 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting — PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content ChangesCWE-79 6.1 Medium2024-10-11

This page lists every published CVE security advisory associated with publishpress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.