Vulnerabilities > Hirewebxperts

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-16	CVE-2024-12613	SQL Injection vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity hirewebxperts CWE-89	7.5
2025-01-16	CVE-2024-12614	Missing Authorization vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. network low complexity hirewebxperts CWE-862	4.3
2025-01-16	CVE-2024-12615	SQL Injection vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity hirewebxperts CWE-89	6.5

Vulnerabilities > Hirewebxperts {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Hirewebxperts"}]}