Vulnerabilities > Tipsandtricks HQ
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-15 | CVE-2024-6072 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 6.1 |
2024-07-15 | CVE-2024-6073 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-07-15 | CVE-2024-6074 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-07-15 | CVE-2024-6075 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Estore The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 8.8 |
2024-07-15 | CVE-2024-6076 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2024-01-27 | CVE-2023-6497 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Wordpress Simple Paypal Shopping Cart The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. | 4.8 |
2023-11-03 | CVE-2022-47588 | Unspecified vulnerability in Tipsandtricks-Hq Simple Photo Gallery 1.8.1 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. | 9.8 |
2023-05-12 | CVE-2023-22685 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription Auth. | 4.8 |
2023-05-03 | CVE-2023-22691 | Unspecified vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | 8.8 |
2023-03-17 | CVE-2023-1469 | Unspecified vulnerability in Tipsandtricks-Hq WP Express Checkout The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. | 4.8 |