Filtered by vendor Wpchill Subscriptions
Total 34 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-11106 1 Wpchill 1 Simple Restrict 2024-12-10 5.3 Medium
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-6571 1 Wpchill 1 Optimize Images Alt Text \(alt Tag\) \& Names For Seo Using Ai 2024-11-21 5.3 Medium
The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
CVE-2023-6491 1 Wpchill 1 Strong Testimonials 2024-11-21 4.3 Medium
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
CVE-2023-5704 1 Wpchill 1 Cpo Shortcodes 2024-11-21 6.4 Medium
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-52123 1 Wpchill 1 Strong Testimonials 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.
CVE-2023-34007 1 Wpchill 1 Download Monitor 2024-11-21 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
CVE-2023-31219 1 Wpchill 1 Download Monitor 2024-11-21 4.1 Medium
Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.
CVE-2023-28171 1 Wpchill 1 Brilliance 2024-11-21 5.4 Medium
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.
CVE-2023-26013 1 Wpchill 1 Strong Testimonials 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
CVE-2023-25451 1 Wpchill 1 Cpo Content Types 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.
CVE-2022-4544 1 Wpchill 1 Mashshare 2024-11-21 5.4 Medium
The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-45354 1 Wpchill 1 Download Monitor 2024-11-21 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.
CVE-2022-41135 1 Wpchill 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery 2024-11-21 6.5 Medium
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2022-40672 1 Wpchill 1 Cpo Shortcodes 2024-11-21 4.8 Medium
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
CVE-2022-37407 1 Wpchill 1 Gallery Photoblocks 2024-11-21 4.1 Medium
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-36292 1 Wpchill 1 Gallery Photoblocks 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-2981 1 Wpchill 1 Download Monitor 2024-11-21 4.9 Medium
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
CVE-2022-2222 1 Wpchill 1 Download Monitor 2024-11-21 4.9 Medium
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
CVE-2022-27852 1 Wpchill 1 Kb Support 2024-11-21 6.1 Medium
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions.
CVE-2022-1547 1 Wpchill 1 Check \& Log Email 2024-11-21 6.1 Medium
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting