Vulnerabilities > A3Rev
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-29097 | Unspecified vulnerability in A3Rev A3 Portfolio Auth. | 4.8 |
| 2023-03-01 | CVE-2023-23973 | Cross-Site Request Forgery (CSRF) vulnerability in A3Rev Contact US Page - Contact People Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0. | 6.5 |
| 2023-02-06 | CVE-2023-0095 | Unspecified vulnerability in A3Rev Page View Count The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2022-11-03 | CVE-2022-40131 | Cross-Site Request Forgery (CSRF) vulnerability in A3Rev Page View Count Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. | 4.3 |
| 2022-03-07 | CVE-2022-0434 | SQL Injection vulnerability in A3Rev Page View Count The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. | 9.8 |
| 2021-08-09 | CVE-2021-24509 | Unspecified vulnerability in A3Rev Page View Count The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. | 5.4 |