Vulnerabilities > Pluginus

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50451 Cross-site Scripting vulnerability in Pluginus Meta Data and Taxonomies Filter
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
network
low complexity
pluginus CWE-79
5.4
5.4
2024-10-28 CVE-2024-50450 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
network
low complexity
pluginus CWE-94
critical
 9.8
9.8
2024-09-25 CVE-2024-7491 Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key.
network
low complexity
pluginus
4.3
4.3
2024-09-24 CVE-2024-8623 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3.
network
low complexity
pluginus CWE-94
7.3
7.3
2024-09-24 CVE-2024-8624 SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
critical
 9.9
9.9
2024-09-14 CVE-2024-8271 Code Injection vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1.
network
low complexity
pluginus CWE-94
7.3
7.3
2024-08-13 CVE-2024-43121 Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
network
low complexity
pluginus
7.2
7.2
2024-07-16 CVE-2024-6457 SQL Injection vulnerability in Pluginus Husky - products Filter Professional for Woocommerce
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
7.5
7.5
2024-06-09 CVE-2024-32818 Unspecified vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
network
low complexity
pluginus
8.8
8.8
2024-06-08 CVE-2024-35730 Unspecified vulnerability in Pluginus Woot
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.
network
low complexity
pluginus
6.1
6.1