Exertio Framework

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:scriptsbundle:exertio_framework:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorScriptsbundle (13e7198d-c563-51dc-8fdd-759b0d423f28)
ProductExertio Framework (ef6c7b1c-0254-5ff5-8ec1-dd693a71c8f8)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-49402 vulnerable 2026-06-08 07:29:13.032800 WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.
Published: 2025-08-28T12:37:14.405Z
Updated: 2026-04-28T16:13:03.159Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13373 vulnerable 2026-06-08 06:25:37.550761 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update
HIGH (8.1)
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Published: 2025-03-01T06:39:27.540Z
Updated: 2026-04-08T17:05:30.357Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.