Filtered by vendor Wpdevart
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34656 | 1 Wpdevart | 1 Poll\, Survey\, Questionnaire And Voting System | 2025-02-20 | 4.8 Medium |
| Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. | ||||
| CVE-2023-24384 | 1 Wpdevart | 1 Organization Chart | 2025-01-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. | ||||
| CVE-2023-23983 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2025-01-13 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | ||||
| CVE-2022-47438 | 1 Wpdevart | 1 Booking Calendar | 2025-01-10 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions. | ||||
| CVE-2022-47603 | 1 Wpdevart | 1 Image And Video Gallery With Thumbnails | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions. | ||||
| CVE-2023-23870 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions. | ||||
| CVE-2023-23972 | 1 Wpdevart | 1 Social Like Box And Page | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. | ||||
| CVE-2023-24004 | 1 Wpdevart | 1 Download Image And Video Lightbox\, Image Popup | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions. | ||||
| CVE-2023-24002 | 1 Wpdevart | 1 Youtube Embed\, Playlist And Popup | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. | ||||
| CVE-2023-24387 | 1 Wpdevart | 1 Organization Chart | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions. | ||||
| CVE-2023-0900 | 1 Wpdevart | 1 Pricing Table Builder | 2025-01-08 | 7.2 High |
| The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | ||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup\, Woocommerce Sales Timer | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | ||||
| CVE-2024-9504 | 1 Wpdevart | 1 Booking Calendar | 2024-11-26 | 7.2 High |
| The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-37542 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2024-35750 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2023-46075 | 1 Wpdevart | 1 Contact Form Builder | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions. | ||||
| CVE-2023-45630 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | ||||
| CVE-2023-45629 | 1 Wpdevart | 1 Gallery - Image And Video Gallery With Thumbnails | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | ||||
| CVE-2023-24388 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). | ||||
| CVE-2023-0177 | 1 Wpdevart | 1 Social Like Box And Page | 2024-11-21 | 5.4 Medium |
| The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||