Filtered by vendor Wedevs
Subscriptions
Total
34 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2744 | 1 Wedevs | 1 Wp Erp | 2024-12-03 | 7.2 High |
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | ||||
CVE-2024-12015 | 1 Wedevs | 1 Wp Project Manager | 2024-12-02 | 7.7 High |
The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. | ||||
CVE-2024-10520 | 1 Wedevs | 1 Wp Project Manager Task Team And Project Management Plugin Featuring Kanban Board And Gantt Charts | 2024-11-21 | 5.3 Medium |
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability. | ||||
CVE-2024-6666 | 1 Wedevs | 1 Wp Erp | 2024-11-21 | 8.8 High |
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2024-5790 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 6.4 Medium |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-34822 | 1 Wedevs | 1 Wemail | 2024-11-21 | 5.3 Medium |
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. | ||||
CVE-2024-24711 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
CVE-2024-21747 | 1 Wedevs | 1 Wp Erp | 2024-11-21 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8. | ||||
CVE-2023-6632 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 6.1 Medium |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2023-52217 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
CVE-2023-51676 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 4.9 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | ||||
CVE-2023-49860 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7. | ||||
CVE-2023-41236 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | ||||
CVE-2023-3636 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 8.8 High |
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter. | ||||
CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | ||||
CVE-2023-34382 | 1 Wedevs | 1 Dokan | 2024-11-21 | 4.4 Medium |
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | ||||
CVE-2023-34008 | 1 Wedevs | 1 Wp Erp | 2024-11-21 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions. | ||||
CVE-2023-2743 | 1 Wedevs | 1 Wp Erp | 2024-11-21 | 6.1 Medium |
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-28989 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. | ||||
CVE-2023-26525 | 1 Wedevs | 1 Dokan | 2024-11-21 | 7.1 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. |