Vulnerabilities and security researches forstops-core-theme-and-plugin-updates stops-core-theme-and-plugin-updates

May 28, 2026

CVE, Research URL: CVE-2026-7660
Home page URL: Security reports for Easy Updates Manager
Application: Easy Updates Manager
Date: May 28, 2026
Research Description: The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination() function. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page granted they can trick an administrator into performing an action such as clicking on a link.
Affected versions: max 9.0.21.
Status: vulnerable

Jul 24, 2024

PSC, Research URL: PSC-2024-62537
Home page URL: Security reports for Easy Updates Manager
Application: Easy Updates Manager
Date: Aug 05, 2025
Research Description: Easy Updates Manager offers a comprehensive solution for managing WordPress updates with ease. Whether you have a single-site installation or a WordPress Multisite setup, this plugin equips you with the tools needed to take control of your website updates efficiently. In this article, we explore the features of Easy Updates Manager, emphasizing its security measures and recognition through the “Plugin Security Certification” (PSC) from CleanTalk.
Affected versions: Min 9.0.21, max 9.0.21.
Status: SAFE & CERTIFIED

Jun 07, 2024

CVE, Research URL: CVE-2019-15650
Home page URL: Security reports for Easy Updates Manager
Application: Easy Updates Manager
Date: Aug 27, 2019
Research Description: The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.
Affected versions: max 8.0.5.
Status: vulnerable