Search
Search Results (29 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13374 | 1 Joomunited | 1 Wp Table Manager | 2026-04-08 | 4.3 Medium |
| The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories. | ||||
| CVE-2025-5034 | 1 Joomunited | 1 Wp File Download | 2025-07-02 | 7.1 High |
| The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2023-0876 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-26 | 6.1 Medium |
| The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. | ||||
| CVE-2023-0875 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-26 | 8.8 High |
| The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. | ||||
| CVE-2022-30337 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | ||||
| CVE-2023-1381 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-11 | 8.8 High |
| The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. | ||||
| CVE-2022-47602 | 1 Joomunited | 1 Wp Table Manager | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions. | ||||
| CVE-2022-1093 | 1 Joomunited | 1 Wp Meta Seo | 2024-11-21 | 4.8 Medium |
| The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | ||||
| CVE-2016-10913 | 1 Joomunited | 1 Wp Latest Posts | 2024-11-21 | N/A |
| The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | ||||