CVEDB API

Vulnerabilities

Vulnerable Software

Fullworksplugins: Security Vulnerabilities

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.

CVSS Score

5.3

EPSS Score

0.011

Published

2025-07-17

CVE-2023-1554

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS Score

4.8

EPSS Score

0.003

Published

2023-05-02

CVE-2023-23889

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVSS Score

6.5

EPSS Score

0.001

Published

2023-04-25

CVE-2022-47608

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-04-25

CVE-2023-25702

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVSS Score

5.9

EPSS Score

0.002

Published

2023-04-07

CVE-2023-25713

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVSS Score

7.1

EPSS Score

0.002

Published

2023-04-07

CVE-2023-23885

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

CVSS Score

6.5

EPSS Score

0.002

Published

2023-04-07

CVE-2023-23979

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.

CVSS Score

7.1

EPSS Score

0.002

Published

2023-04-06

CVE-2022-46863

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.

CVSS Score

5.9

EPSS Score

0.002

Published

2023-03-28

CVE-2023-23974

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

CVSS Score

4.3

EPSS Score

0.001

Published

2023-03-01

Page 1

Vulnerabilities

Vulnerable Software

Fullworksplugins: Security Vulnerabilities

Products

Pricing

Contact Us