Vulnerabilities > Blocksera

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-02	CVE-2022-4059	SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1 The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. network low complexity blocksera CWE-89 critical	9.8
2022-12-15	CVE-2022-44588	SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1 Unauth. network low complexity blocksera CWE-89 critical	9.8
2021-12-15	CVE-2021-36888	Missing Authentication for Critical Function vulnerability in Blocksera Image Hover Effects Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. network low complexity blocksera CWE-306 critical	9.8
2021-05-05	CVE-2021-24264	Cross-site Scripting vulnerability in Blocksera Image Hover Effects The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. network low complexity blocksera CWE-79	5.4

Vulnerabilities > Blocksera {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Blocksera"}]}