Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-28	CVE-2024-50450	Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. network low complexity pluginus CWE-94 critical	9.8
2024-09-24	CVE-2024-8624	SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity pluginus CWE-89 critical	9.9
2023-12-29	CVE-2023-51505	Deserialization of Untrusted Data vulnerability in Pluginus Woot Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. network low complexity pluginus CWE-502 critical	9.8
2023-12-20	CVE-2023-40010	SQL Injection vulnerability in Pluginus Husky - products Filter Professional for Woocommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY – Products Filter for WooCommerce Professional.This issue affects HUSKY – Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. network low complexity pluginus CWE-89 critical	9.8
2022-12-19	CVE-2022-4063	Path Traversal vulnerability in Pluginus Inpost Gallery 2.1.4.1 The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. network low complexity pluginus CWE-22 critical	9.8