Vulnerabilities > Meowapps > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6723 | SQL Injection vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions. | 4.7 |
| 2024-06-10 | CVE-2024-35712 | Unspecified vulnerability in Meowapps Database Cleaner Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. | 4.9 |
| 2023-12-20 | CVE-2023-38513 | Unspecified vulnerability in Meowapps Photo Engine Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | 5.4 |
| 2023-06-27 | CVE-2023-2580 | Unspecified vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |
| 2021-10-04 | CVE-2021-36850 | Cross-Site Request Forgery (CSRF) vulnerability in Meowapps Media File Renamer - Auto & Manual Rename Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). | 4.3 |
| 2021-08-16 | CVE-2021-34652 | Cross-site Scripting vulnerability in Meowapps Media Usage The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | 6.1 |
| 2019-08-22 | CVE-2018-20983 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | 6.1 |
| 2018-02-01 | CVE-2018-0511 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |