Search
Search Results (72 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12015 | 1 Wedevs | 1 Wp Project Manager | 2024-12-02 | 7.7 High |
| The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. | ||||
| CVE-2024-34822 | 1 Wedevs | 1 Wemail | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. | ||||
| CVE-2024-24711 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2023-52217 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2023-51676 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | ||||
| CVE-2023-49860 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7. | ||||
| CVE-2023-41236 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | ||||
| CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | ||||
| CVE-2023-28989 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. | ||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2024-11-21 | 8.8 High |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | ||||
| CVE-2021-24292 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter. | ||||
| CVE-2024-38693 | 1 Wedevs | 1 Wp User Frontend | 2024-09-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7. | ||||