Machothemes Cpo Companion
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Machothemes Cpo Companion.
By the Year
In 2026 there have been 0 vulnerabilities in Machothemes Cpo Companion. Cpo Companion did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.10 |
It may take a day or so for new Cpo Companion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Machothemes Cpo Companion Security Vulnerabilities
CPO Companion WP Plugin <=1.0.9 allows Stored XSS via shortcode attributes
CVE-2022-4837
5.4 - Medium
- January 30, 2023
The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
XSS
CPO Companion WP Plugin 1.0.4: Authenticated Stored XSS
CVE-2023-0162
4.8 - Medium
- January 10, 2023
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Machothemes Cpo Companion or by Machothemes? Click the Watch button to subscribe.
