Vulnerabilities and security researches forlifepress lifepress

May 14, 2026

CVE, Research URL: CVE-2026-6690
Home page URL: Security reports for LifePress
Application: LifePress
Date: May 12, 2026
Research Description: The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the `wp_ajax_nopriv_lp_update_mds` action being registered without nonce verification or capability checks, combined with insufficient input sanitization and output escaping when the series name is rendered in the admin settings page. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.2.2.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2026-24563
Home page URL: Security reports for LifePress
Application: LifePress
Date: Jan 23, 2026
Research Description: Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.
Affected versions: max 2.1.3.
Status: vulnerable

Aug 24, 2025

CVE, Research URL: CVE-2025-53337
Home page URL: Security reports for LifePress
Application: LifePress
Date: Aug 28, 2025
Research Description: Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3.
Affected versions: max 2.1.3.
Status: vulnerable