ReportizFlow
Filtered by vendor Wpchill
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25050 | 1 Wpchill | 1 Remove Footer Credit | 2024-11-21 | 4.8 Medium |
| The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | ||||
| CVE-2021-24908 | 1 Wpchill | 1 Check \& Log Email | 2024-11-21 | 6.1 Medium |
| The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-24774 | 1 Wpchill | 1 Check \& Log Email | 2024-11-21 | 7.2 High |
| The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues | ||||
| CVE-2021-24446 | 1 Wpchill | 1 Remove Footer Credit | 2024-11-21 | 5.4 Medium |
| The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation | ||||
| CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-11-21 | 6.1 Medium |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | ||||