Vulnerabilities > Kibokolabs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-10 | CVE-2021-38358 | Cross-site Scripting vulnerability in Kibokolabs Moolamojo 0.7.4.1 The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | 4.3 |
| 2021-09-09 | CVE-2021-38317 | Cross-site Scripting vulnerability in Kibokolabs Konnichiwa The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | 4.3 |
| 2020-01-17 | CVE-2020-7104 | Cross-site Scripting vulnerability in Kibokolabs Chained Quiz 1.1.8.1 The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | 4.3 |
| 2019-09-26 | CVE-2015-9418 | Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Watupro The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | 5.8 |
| 2019-08-20 | CVE-2016-10892 | Cross-site Scripting vulnerability in Kibokolabs Chained Quiz The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. | 4.3 |
| 2019-05-27 | CVE-2019-12345 | Cross-site Scripting vulnerability in Kibokolabs Hostel XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | 4.3 |
| 2018-12-03 | CVE-2018-1002000 | SQL Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8 There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. | 6.5 |