Vulnerabilities > Meowapps > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6723 | SQL Injection vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions. | 4.7 |
| 2024-06-10 | CVE-2024-35712 | Path Traversal vulnerability in Meowapps Database Cleaner Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. | 4.9 |
| 2023-12-20 | CVE-2023-38513 | Authorization Bypass Through User-Controlled Key vulnerability in Meowapps Photo Engine Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | 5.4 |
| 2023-06-27 | CVE-2023-2580 | Unspecified vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |
| 2021-10-04 | CVE-2021-36850 | Cross-Site Request Forgery (CSRF) vulnerability in Meowapps Media File Renamer - Auto & Manual Rename Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). | 4.3 |
| 2021-10-04 | CVE-2021-24465 | SQL Injection vulnerability in Meowapps Meow Gallery The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. | 5.5 |
| 2021-08-16 | CVE-2021-34652 | Cross-site Scripting vulnerability in Meowapps Media Usage The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | 4.3 |
| 2019-08-22 | CVE-2018-20983 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | 4.3 |
| 2018-02-01 | CVE-2018-0511 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |