Vulnerabilities > Tipsandtricks HQ > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-13 | CVE-2016-10868 | Cross-site Scripting vulnerability in ONE WP Security & Firewall The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. | 4.3 |
| 2019-08-13 | CVE-2015-9294 | Cross-site Scripting vulnerability in ONE WP Security & Firewall The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | 4.3 |
| 2019-08-13 | CVE-2015-9293 | Cross-site Scripting vulnerability in ONE WP Security & Firewall The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | 4.3 |
| 2014-05-13 | CVE-2013-2705 | Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq Wordpress Simple Paypal Shopping Cart Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings. | 6.8 |