mpl-publisher CVE Vulnerabilities & Metrics

Focus on mpl-publisher vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About mpl-publisher Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with mpl-publisher. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total mpl-publisher CVEs: 2
Earliest CVE date: 19 Oct 2021, 15:15 UTC
Latest CVE date: 22 Apr 2025, 10:15 UTC

Latest CVE reference: CVE-2025-46226

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical mpl-publisher CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.75

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS mpl-publisher CVEs

These are the five CVEs with the highest CVSS scores for mpl-publisher, sorted by severity first and recency.

CVE-2021-39343 mpl-publisher Published on 19 Oct 2021, 15:15 UTC (CVSS: 3.5)
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is...
CVE-2025-46226 mpl-publisher Published on 22 Apr 2025, 10:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.

All CVEs for mpl-publisher

CVE-2025-46226 mpl-publisher vulnerability CVSS: 0 22 Apr 2025, 10:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.

CVE-2021-39343 mpl-publisher vulnerability CVSS: 3.5 19 Oct 2021, 15:15 UTC

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.