Vulnerabilities > Helloasso

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-05	CVE-2024-7605	Missing Authorization vulnerability in Helloasso The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. network low complexity helloasso CWE-862	4.3
2024-07-21	CVE-2024-37488	Cross-site Scripting vulnerability in Helloasso Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9. network low complexity helloasso CWE-79	5.4

Vulnerabilities > Helloasso {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Helloasso"}]}