Vulnerabilities > Helpful Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-17 | CVE-2022-2834 | Files or Directories Accessible to External Parties vulnerability in Helpful Project Helpful The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings | 5.3 |
2021-11-17 | CVE-2021-24841 | Unspecified vulnerability in Helpful Project Helpful The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |