Vulnerabilities and security researches forwp-experiments-free wp-experiments-free

Jun 07, 2024

CVE, Research URL: CVE-2022-0784
Home page URL: Security reports for Title Experiments Free
Application: Title Experiments Free
Date: Mar 28, 2022
Research Description: The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection
Affected versions: max 9.0.1.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22562
Home page URL: Security reports for Title Experiments Free
Application: Title Experiments Free
Date: Jan 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <= 9.0.4.
Affected versions: max 9.0.4.
Status: vulnerable

Jun 14, 2026

CVE, Research URL: CVE-2025-22561
Home page URL: Security reports for Title Experiments Free
Application: Title Experiments Free
Date: Jan 09, 2025
Research Description: Missing Authorization vulnerability in kbowson Title Experiments Free wp-experiments-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through <= 9.0.4.
Affected versions: max 9.0.4.
Status: vulnerable