Vulnerabilities > Tipsandtricks HQ

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-24735 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Compact WP Audio Player
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged-in admin change the "Disable Simultaneous Play" setting via a CSRF attack.
network
low complexity
tipsandtricks-hq CWE-352
6.5
2021-10-11 CVE-2021-24711 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks and is vulnerable to a CSRF attack.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2021-09-13 CVE-2021-24560 Cross-site Scripting vulnerability in Tipsandtricks-Hq Software License Manager
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2021-08-30 CVE-2021-24665 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Video Lightbox
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks.
network
low complexity
tipsandtricks-hq CWE-79
5.4
2021-07-14 CVE-2021-20782 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2021-02-10 CVE-2020-29171 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Security & Firewall
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2020-10-21 CVE-2020-5651 SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
network
low complexity
tipsandtricks-hq CWE-89
8.8
2020-10-21 CVE-2020-5650 Cross-site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2019-09-12 CVE-2019-5993 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2019-08-14 CVE-2016-10888 SQL Injection vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
network
low complexity
tipsandtricks-hq CWE-89
critical
9.8