kylephillips CVE Vulnerabilities & Metrics

Focus on kylephillips vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About kylephillips Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with kylephillips. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total kylephillips CVEs: 6
Earliest CVE date: 30 Aug 2021, 19:15 UTC
Latest CVE date: 04 Jul 2024, 12:15 UTC

Latest CVE reference: CVE-2024-5943

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical kylephillips CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.27

Max CVSS: 5.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS kylephillips CVEs

These are the five CVEs with the highest CVSS scores for kylephillips, sorted by severity first and recency.

CVE-2021-38343 kylephillips Published on 30 Aug 2021, 19:15 UTC (CVSS: 5.8)
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.
CVE-2021-38342 kylephillips Published on 30 Aug 2021, 19:15 UTC (CVSS: 4.3)
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
CVE-2022-1990 kylephillips Published on 27 Jun 2022, 09:15 UTC (CVSS: 3.5)
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed
CVE-2024-5943 kylephillips Published on 04 Jul 2024, 12:15 UTC (CVSS: 0)
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administra...
CVE-2023-49195 kylephillips Published on 14 Dec 2023, 16:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

All CVEs for kylephillips

CVE-2024-5943 kylephillips vulnerability CVSS: 0 04 Jul 2024, 12:15 UTC

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-49195 kylephillips vulnerability CVSS: 0 14 Dec 2023, 16:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

CVE-2023-2434 kylephillips vulnerability CVSS: 0 31 May 2023, 04:15 UTC

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings.

CVE-2022-1990 kylephillips vulnerability CVSS: 3.5 27 Jun 2022, 09:15 UTC

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

CVE-2021-38343 kylephillips vulnerability CVSS: 5.8 30 Aug 2021, 19:15 UTC

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.

CVE-2021-38342 kylephillips vulnerability CVSS: 4.3 30 Aug 2021, 19:15 UTC

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.