Vulnerabilities and security researches forwpcasa wpcasa

Dec 08, 2024

CVE, Research URL: CVE-2024-53826
Home page URL: Security reports for WPCasa
Application: WPCasa
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.
Affected versions: max 1.2.13.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39575
Home page URL: Security reports for WPCasa
Application: WPCasa
Date: Apr 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2.
Affected versions: max 1.4.0.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-9321
Home page URL: Security reports for WPCasa
Application: WPCasa
Date: Sep 23, 2025
Research Description: The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code.
Affected versions: max 1.4.2.
Status: vulnerable