Filtered by vendor Wpopal
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52444 | 1 Wpopal | 1 Opal Woo Custom Product Variation | 2024-11-20 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPOPAL Opal Woo Custom Product Variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through 1.1.3. | ||||
| CVE-2022-40700 | 12 Agence-press, Arcstone, Deano and 9 more | 15 Css Adder, Amo For Wp - Membership Management, Amp Toolbox and 12 more | 2024-11-13 | 8.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. | ||||
| CVE-2021-4388 | 1 Wpopal | 1 Opal Estate | 2024-10-25 | 4.3 Medium |
| The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. | ||||
| CVE-2021-4387 | 1 Wpopal | 1 Opal Estate | 2024-10-25 | 4.3 Medium |
| The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-9073 | 2 Gutengeek, Wpopal | 2 Free Gutenberg Blocks, Gutengeek Free Gutenberg Blocks For Wordpress | 2024-10-02 | 6.4 Medium |
| The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2022-29449 | 1 Wpopal | 1 Opal Hotel Room Booking | 2024-09-16 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | ||||
| CVE-2024-33649 | 1 Wpopal | 1 Opal Widgets For Elementor | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9. | ||||
Page 1 of 1.