Filtered by vendor Wow-company
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29447 | 1 Wow-company | 1 Hover Effects | 2024-09-17 | 6.8 Medium |
| Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | ||||
| CVE-2022-29446 | 1 Wow-company | 1 Counter Box | 2024-09-16 | 6.8 Medium |
| Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | ||||
| CVE-2024-6926 | 1 Wow-company | 1 Viral-signup | 2024-09-04 | 9.8 Critical |
| The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2023-27418 | 1 Wow-company | 1 Side Menu Lite | 2024-08-30 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions. | ||||
| CVE-2024-6927 | 1 Wow-company | 1 Viral-signup | 2024-08-29 | 4.8 Medium |
| The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-35634 | 1 Wow-company | 1 Woocommerce - Recent Purchases | 2024-08-08 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1. | ||||
| CVE-2021-25053 | 1 Wow-company | 1 Wp Coder | 2024-08-03 | 8.8 High |
| The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2024-08-03 | 7.2 High |
| The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | ||||
| CVE-2021-25051 | 1 Wow-company | 1 Modal Window | 2024-08-03 | 8.8 High |
| The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25052 | 1 Wow-company | 1 Button Generator | 2024-08-03 | 8.8 High |
| The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-08-03 | 8.8 High |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | ||||
| CVE-2021-24628 | 1 Wow-company | 1 Wow Forms | 2024-08-03 | 7.2 High |
| The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection | ||||
| CVE-2022-2388 | 1 Wow-company | 1 Wp Coder | 2024-08-03 | 6.5 Medium |
| The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack | ||||
| CVE-2022-2245 | 1 Wow-company | 1 Counter Box | 2024-08-03 | 8.8 High |
| The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | ||||
| CVE-2023-52149 | 1 Wow-company | 1 Floating Button | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. | ||||
| CVE-2023-49155 | 1 Wow-company | 1 Button Generator | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8. | ||||
| CVE-2024-3476 | 1 Wow-company | 1 Side Menu Lite | 2024-08-02 | 8.8 High |
| The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
| CVE-2023-25443 | 1 Wow-company | 1 Button Generator | 2024-08-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions. | ||||
| CVE-2023-23984 | 1 Wow-company | 1 Bubble Menu | 2024-08-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion. | ||||
| CVE-2023-5161 | 1 Wow-company | 1 Modal Window | 2024-08-02 | 6.4 Medium |
| The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||