Wpdevart CVE - OpenCVE

Filtered by vendor Wpdevart Subscriptions

Total 31 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-45629	1 Wpdevart	1 Gallery - Image And Video Gallery With Thumbnails	2024-02-01	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
CVE-2023-47533	1 Wpdevart	1 Countdown And Countup\, Woocommerce Sales Timer	2023-11-17	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.
CVE-2022-47428	1 Wpdevart	1 Booking Calendar	2023-11-14	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.
CVE-2023-24388	1 Wpdevart	1 Booking Calendar	2023-11-07	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
CVE-2023-24387	1 Wpdevart	1 Organization Chart	2023-11-07	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.
CVE-2023-24384	1 Wpdevart	1 Organization Chart	2023-11-07	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
CVE-2023-24004	1 Wpdevart	1 Download Image And Video Lightbox\, Image Popup	2023-11-07	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.
CVE-2023-24002	1 Wpdevart	1 Youtube Embed\, Playlist And Popup	2023-11-07	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.
CVE-2023-23983	1 Wpdevart	1 Responsive Vertical Icon Menu	2023-11-07	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.
CVE-2023-23972	1 Wpdevart	1 Social Like Box And Page	2023-11-07	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.
CVE-2023-23870	1 Wpdevart	1 Responsive Vertical Icon Menu	2023-11-07	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.
CVE-2023-0900	1 Wpdevart	1 Pricing Table Builder	2023-11-07	7.2 High
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
CVE-2023-0177	1 Wpdevart	1 Social Like Box And Page	2023-11-07	5.4 Medium
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-47603	1 Wpdevart	1 Image And Video Gallery With Thumbnails	2023-11-07	6.1 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.
CVE-2022-47438	1 Wpdevart	1 Booking Calendar	2023-11-07	5.4 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
CVE-2022-3982	1 Wpdevart	1 Booking Calendar	2023-11-07	9.8 Critical
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
CVE-2022-0164	1 Wpdevart	1 Coming Soon And Maintenance Mode	2023-11-07	4.3 Medium
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users
CVE-2023-46075	1 Wpdevart	1 Contact Form Builder	2023-11-03	6.1 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.
CVE-2023-45630	1 Wpdevart	1 Gallery	2023-10-25	6.1 Medium
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
CVE-2022-34656	1 Wpdevart	1 Poll\, Survey\, Questionnaire And Voting System	2022-09-09	4.8 Medium
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.

Page 1 of 2. next last »