Vulnerabilities > Rednao

DATE CVE VULNERABILITY TITLE RISK
2023-11-18 CVE-2023-47551 Unspecified vulnerability in Rednao Donations Made Easy - Smart Donations
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
network
low complexity
rednao
8.8
8.8
2023-11-14 CVE-2023-47550 Unspecified vulnerability in Rednao Donations Made Easy - Smart Donations
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
network
low complexity
rednao
6.1
6.1
2023-11-06 CVE-2023-40207 Unspecified vulnerability in Rednao Donations Made Easy - Smart Donations
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
network
low complexity
rednao
critical
 9.8
9.8
2023-10-26 CVE-2023-46076 Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder
Unauth.
network
low complexity
rednao
6.1
6.1
2023-09-27 CVE-2023-40664 Unspecified vulnerability in Rednao Smart Donations
Unauth.
network
low complexity
rednao
6.1
6.1
2023-08-31 CVE-2023-4160 Unspecified vulnerability in Rednao Woocommerce PDF Invoice Builder
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping.
network
low complexity
rednao
4.8
4.8
2023-08-25 CVE-2023-32603 Unspecified vulnerability in Rednao Smart Donations
Unauth.
network
low complexity
rednao
6.1
6.1
2022-03-07 CVE-2022-0163 Missing Authorization vulnerability in Rednao Smart Forms
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
network
low complexity
rednao CWE-862
6.5
6.5
2019-03-12 CVE-2019-5924 Cross-Site Request Forgery (CSRF) vulnerability in Rednao Smart Forms
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
low complexity
rednao CWE-352
8.8
8.8