Vulnerabilities > Tipsandtricks HQ

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-24735 Unspecified vulnerability in Tipsandtricks-Hq Compact WP Audio Player
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.
network
low complexity
tipsandtricks-hq
6.5
2021-10-11 CVE-2021-24711 Unspecified vulnerability in Tipsandtricks-Hq Software License Manager
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack
network
low complexity
tipsandtricks-hq
8.8
2021-09-13 CVE-2021-24560 Unspecified vulnerability in Tipsandtricks-Hq Software License Manager
The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
network
low complexity
tipsandtricks-hq
6.1
2021-08-30 CVE-2021-24665 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Video Lightbox
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
network
low complexity
tipsandtricks-hq CWE-79
5.4
2021-07-14 CVE-2021-20782 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Software License Manager
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2021-02-10 CVE-2020-29171 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Security & Firewall
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2020-10-21 CVE-2020-5651 SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
network
low complexity
tipsandtricks-hq CWE-89
8.8
2020-10-21 CVE-2020-5650 Cross-site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2019-09-12 CVE-2019-5993 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2019-08-14 CVE-2016-10888 SQL Injection vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
network
low complexity
tipsandtricks-hq CWE-89
critical
9.8