Vulnerabilities > Tipsandtricks HQ > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-17 | CVE-2022-2194 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Accept Stripe: The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2022-05-02 | CVE-2021-25102 | Cross-site Scripting vulnerability in Tipsandtricks-Hq ALL in ONE WP Security & Firewall: The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect the user, either via a Location header or a meta url attribute, when the Rename Login Page feature is active, which could lead to an Arbitrary Redirect as well as a Cross-Site Scripting issue. | 2.6 |
2022-01-24 | CVE-2021-24694 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor: The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via 1) the "color" or "css_class" argument of the sdm_download shortcode, 2) the "class" or "placeholder" argument of the sdm_search_form shortcode. | 3.5 |
2021-10-18 | CVE-2021-24734 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Compact WP Audio Player: The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 3.5 |
2021-08-30 | CVE-2021-24665 | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Video Lightbox: The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 3.5 |