Seedprod

By the Year

In 2026 there have been 2 vulnerabilities in Seedprod with an average score of 5.9 out of ten. Last year, in 2025 Seedprod had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Seedprod in 2026 could surpass last years number.

Recent Seedprod Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2026-39464	Apr 08, 2026	SSRF in SeedProd Coming Soon Plugin <=6.19.8 Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.	Coming Soon
CVE-2026-27368	Feb 19, 2026	Missing Auth in SeedProd Plugin <=6.19.7 Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7.	Coming Soon
CVE-2024-10107	May 15, 2025	RafflePress WP Plugin <1.12.17: Stored XSS via unsanitised settings The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	Rafflepress
CVE-2025-24540	Jan 27, 2025	SeedProd WP Plugin 6.18.9 CSRF in Coming Soon Mode Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.18.9.	Coming Soon
CVE-2024-47299	Oct 06, 2024	SeedProd Stored XSS in Coming Soon Page Plugin <6.17.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.17.4.	Coming Soon
CVE-2024-6887	Sep 12, 2024	WordPress RafflePress <1.12.16 Stored XSS via unsanitised Giveaway settings The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	Rafflepress
CVE-2024-37556	Jul 21, 2024	SeedProd WP Notification Bar <=1.3.10 Stored XSS Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10.	Wordpress Notification Bar
CVE-2024-4745	Jun 10, 2024	Missing Auth in RafflePress Giveaways v1.12.4 Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.	Rafflepress
CVE-2024-1072	Feb 05, 2024	Unauthorized Data Mod via Missing Cap Check in SeedProd WP Plugin v <=6.15.21 The Website Builder by SeedProd Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.	Website Builder By Seedprod
CVE-2023-5049	Oct 30, 2023	WP RafflePress <=1.12.x XSS via giframe attr (shortcode) The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	Rafflepress
CVE-2023-4975	Oct 20, 2023	CVE-2023-4975 WP SeedProd Website Builder 6.15.13.1: CSRF via builder.php The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	Website Builder By Seedprod
CVE-2020-15038	Jun 24, 2020	The SeedProd coming-soon plugin before 5.1.1 for WordPress The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.	Coming Soon Page Under Construction Maintenance Mode