Vulnerabilities > Tipsandtricks HQ > ALL IN ONE WP Security Firewall

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-44737 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2022-05-02 CVE-2021-25102 Cross-site Scripting vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue.
network
high complexity
tipsandtricks-hq CWE-79
2.6
2019-08-14 CVE-2016-10888 SQL Injection vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
network
low complexity
tipsandtricks-hq CWE-89
7.5
2019-08-14 CVE-2016-10887 SQL Injection vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
network
low complexity
tipsandtricks-hq CWE-89
7.5
2019-08-14 CVE-2015-9310 SQL Injection vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
network
low complexity
tipsandtricks-hq CWE-89
7.5
2019-08-13 CVE-2016-10867 Cross-site Scripting vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2019-08-13 CVE-2016-10866 Cross-site Scripting vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
4.3
2019-08-13 CVE-2016-10868 Cross-site Scripting vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
4.3
2019-08-13 CVE-2015-9294 Cross-site Scripting vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
4.3
2019-08-13 CVE-2015-9293 Cross-site Scripting vulnerability in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
4.3