Vulnerabilities > Tipsandtricks HQ
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-15 | CVE-2024-6072 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore: The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 6.1 |
2024-07-15 | CVE-2024-6073 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore: The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-07-15 | CVE-2024-6074 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore: The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-07-15 | CVE-2024-6075 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Estore: The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 8.8 |
2024-07-15 | CVE-2024-6076 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore: The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-01-27 | CVE-2023-6497 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Wordpress Simple Paypal Shopping Cart: The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. | 4.8 |
2023-11-03 | CVE-2022-47588 | SQL Injection vulnerability in Tipsandtricks-Hq Simple Photo Gallery 1.8.1: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1. | 9.8 |
2023-05-12 | CVE-2023-22685 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription: Auth. | 4.8 |
2023-05-03 | CVE-2023-22691 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription: Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | 8.8 |
2023-03-17 | CVE-2023-1469 | Unspecified vulnerability in Tipsandtricks-Hq WP Express Checkout: The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. | 4.8 |