Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-21	CVE-2022-0627	Cross-site Scripting vulnerability in Tms-Outsource Amelia 1.0.46 The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. network tms-outsource CWE-79	4.3
2022-03-21	CVE-2022-0687	Unrestricted Upload of File with Dangerous Type vulnerability in Tms-Outsource Amelia 1.0.46 The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. network low complexity tms-outsource CWE-434	6.5
2021-04-12	CVE-2021-24200	SQL Injection vulnerability in Tms-Outsource Wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. network low complexity tms-outsource CWE-89	4.0
2021-04-12	CVE-2021-24199	SQL Injection vulnerability in Tms-Outsource Wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. network low complexity tms-outsource CWE-89	4.0
2021-04-12	CVE-2021-24198	Unspecified vulnerability in Tms-Outsource Wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. network low complexity tms-outsource	5.5
2021-04-12	CVE-2021-24197	Unspecified vulnerability in Tms-Outsource Wpdatatables The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. network low complexity tms-outsource	5.5
2019-12-26	CVE-2019-6012	SQL Injection vulnerability in Tms-Outsource Wpdatatables Lite SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity tms-outsource CWE-89	6.5
2019-12-26	CVE-2019-6011	Cross-site Scripting vulnerability in Tms-Outsource Wpdatatables Lite Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network tms-outsource CWE-79	4.3