Vulnerabilities > Tipsandtricks HQ

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-6072 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6073 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6074 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6075 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
network
low complexity
tipsandtricks-hq CWE-352
8.8
2024-07-15 CVE-2024-6076 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-01-27 CVE-2023-6497 Cross-site Scripting vulnerability in Tipsandtricks-Hq Wordpress Simple Paypal Shopping Cart
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping.
network
low complexity
tipsandtricks-hq CWE-79
4.8
2023-11-03 CVE-2022-47588 Unspecified vulnerability in Tipsandtricks-Hq Simple Photo Gallery 1.8.1
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.
network
low complexity
tipsandtricks-hq
critical
9.8
2023-05-12 CVE-2023-22685 Cross-site Scripting vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription
Auth.
network
low complexity
tipsandtricks-hq CWE-79
4.8
2023-05-03 CVE-2023-22691 Unspecified vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.
network
low complexity
tipsandtricks-hq
8.8
2023-03-17 CVE-2023-1469 Unspecified vulnerability in Tipsandtricks-Hq WP Express Checkout
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping.
network
low complexity
tipsandtricks-hq
4.8