Vulnerabilities and security researches forpilotpress pilotpress

Jun 07, 2024

CVE, Research URL: e4c93ccba1075e159a37aa793e89316e3046711e
Home page URL: Security reports for PilotPress
Application: PilotPress
Date: -
Research Description: PilotPress [pilotpress] < 2.0.31 WordPress PilotPress Plugin <= 2.0.29 is vulnerable to Broken Access Control No patched version is available. Nguyen Xuan Chien discovered and reported this Broken Access Control vulnerability in WordPress PilotPress Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet. This vulnerability was reported to and published by Patchstack. Our users receive alerts and protections up to 48 hours in advance. Have additional information or questions about this entry? Get in touch.
Affected versions: max 2.0.31.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2024-23524
Home page URL: Security reports for PilotPress
Application: PilotPress
Date: Jun 10, 2024
Research Description: Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.
Affected versions: max 2.0.31.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-58221
Home page URL: Security reports for PilotPress
Application: PilotPress
Date: Sep 23, 2025
Research Description: Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PilotPress: from n/a through <= 2.0.36.
Affected versions: max 2.0.36.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-58238
Home page URL: Security reports for PilotPress
Application: PilotPress
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress pilotpress allows Stored XSS.This issue affects PilotPress: from n/a through <= 2.0.36.
Affected versions: max 2.0.36.
Status: vulnerable