Vulnerabilities > Pluginus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-09 | CVE-2023-2556 | Unspecified vulnerability in Pluginus Wordpress Currency Switcher The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-09 | CVE-2023-2557 | Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. | 4.3 |
| 2023-06-09 | CVE-2023-2558 | Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-05-28 | CVE-2023-33314 | Unspecified vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | 8.8 |
| 2023-03-22 | CVE-2023-28664 | Cross-site Scripting vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. | 5.4 |
| 2023-03-22 | CVE-2023-28666 | Cross-site Scripting vulnerability in Pluginus Inpost Gallery 2.1.4.1 The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. | 5.4 |
| 2023-02-06 | CVE-2022-4489 | Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 |
| 2023-01-16 | CVE-2022-4431 | Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
| 2022-12-19 | CVE-2022-4063 | Path Traversal vulnerability in Pluginus Inpost Gallery 2.1.4.1 The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | 9.8 |
| 2022-06-27 | CVE-2022-1916 | Unspecified vulnerability in Pluginus Woot The Active Products Tables for WooCommerce. | 6.1 |