Filtered by vendor Wow-company Subscriptions
Filtered by product Viral-signup Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6927 1 Wow-company 2 Viral-signup, Viral Signup 2024-10-07 4.8 Medium
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-6926 1 Wow-company 2 Viral-signup, Viral Signup 2024-10-07 9.8 Critical
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection