Vulnerabilities > Tatvic

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2022-46797 Cross-Site Request Forgery (CSRF) vulnerability in Tatvic Conversios.Io
Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.
network
low complexity
tatvic CWE-352
4.3
2022-03-07 CVE-2021-24952 SQL Injection vulnerability in Tatvic Conversios.Io
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
network
low complexity
tatvic CWE-89
6.5