Filtered by vendor Wpchill
Subscribe
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11282 | 1 Wpchill | 1 Passster | 2025-06-05 | N/A | 7.5 HIGH |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2021-24786 | 1 Wpchill | 1 Download Monitor | 2025-05-22 | 6.5 MEDIUM | 7.2 HIGH |
| The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue | |||||
| CVE-2024-3710 | 1 Wpchill | 1 Image Photo Gallery Final Tiles Grid | 2025-05-13 | N/A | N/A |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | |||||
| CVE-2024-3261 | 1 Wpchill | 1 Strong Testimonials | 2025-05-08 | N/A | N/A |
| The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed | |||||
| CVE-2024-2026 | 1 Wpchill | 1 Passster | 2025-05-06 | N/A | 5.4 MEDIUM |
| The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-4544 | 1 Wpchill | 1 Mashshare | 2025-04-04 | N/A | 5.4 MEDIUM |
| The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2024-32429 | 1 Wpchill | 1 Remove Footer Credit | 2025-04-02 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a through 1.0.13. | |||||
| CVE-2024-1083 | 1 Wpchill | 1 Simple Restrict | 2025-03-11 | N/A | N/A |
| The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content | |||||
| CVE-2024-30501 | 1 Wpchill | 1 Download Monitor | 2025-02-27 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4. | |||||
| CVE-2021-31567 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 6.8 MEDIUM | 6.8 MEDIUM |
| Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. | |||||
| CVE-2024-0616 | 1 Wpchill | 1 Passster | 2025-01-27 | N/A | 5.3 MEDIUM |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages. | |||||
| CVE-2024-49256 | 1 Wpchill | 1 Htaccess File Editor | 2024-11-19 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. | |||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-05 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16. | |||||
| CVE-2022-4972 | 1 Wpchill | 1 Download Monitor | 2024-10-30 | N/A | 7.5 HIGH |
| The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. | |||||
| CVE-2023-6491 | 1 Wpchill | 1 Strong Testimonials | 2024-10-29 | N/A | 4.3 MEDIUM |
| The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views. | |||||
| CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | |||||
| CVE-2023-52123 | 1 Wpchill | 1 Strong Testimonials | 2024-10-29 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10. | |||||
| CVE-2024-8552 | 1 Wpchill | 1 Download Monitor | 2024-10-02 | N/A | 4.3 MEDIUM |
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality. | |||||
| CVE-2022-27852 | 1 Wpchill | 1 Kb Support | 2024-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | |||||
| CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | |||||