Vulnerabilities > Blocksera > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-02 CVE-2022-4059 SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
blocksera CWE-89
critical
 9.8
9.8
2022-12-15 CVE-2022-44588 Unspecified vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1
Unauth.
network
low complexity
blocksera
critical
 9.8
9.8
2021-12-15 CVE-2021-36888 Missing Authentication for Critical Function vulnerability in Blocksera Image Hover Effects
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.
network
low complexity
blocksera CWE-306
critical
 9.8
9.8