Vulnerabilities > Joomunited > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-13374 | Missing Authorization vulnerability in Joomunited WP Table Manager The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3. | 6.5 |
| 2024-09-15 | CVE-2024-45455 | Cross-site Scripting vulnerability in Joomunited WP Meta SEO Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13. | 4.8 |
| 2024-09-15 | CVE-2024-45456 | Cross-site Scripting vulnerability in Joomunited WP Meta SEO Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13. | 5.4 |
| 2024-05-02 | CVE-2023-6961 | Cross-site Scripting vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-01 | CVE-2024-22148 | Unspecified vulnerability in Joomunited Wp-Smart-Editor 1.3.3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3. | 6.1 |
| 2023-03-29 | CVE-2022-47602 | Unspecified vulnerability in Joomunited WP Table Manager Auth. | 5.4 |
| 2023-03-20 | CVE-2023-0876 | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. | 6.1 |
| 2023-02-28 | CVE-2023-1022 | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. | 4.3 |
| 2023-02-28 | CVE-2023-1023 | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. | 4.3 |
| 2023-02-28 | CVE-2023-1024 | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. | 4.3 |