Vulnerabilities > Total Soft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-21 | CVE-2024-8625 | SQL Injection vulnerability in Total-Soft TS Poll The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | 7.2 |
| 2024-10-10 | CVE-2024-9022 | SQL Injection vulnerability in Total-Soft TS Poll The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2023-11-06 | CVE-2023-45069 | SQL Injection vulnerability in Total-Soft Video Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | 9.8 |
| 2023-05-03 | CVE-2023-25979 | Cross-site Scripting vulnerability in Total-Soft Video Gallery Auth. | 4.8 |
| 2022-09-21 | CVE-2022-36390 | Cross-site Scripting vulnerability in Total-Soft Event Calendar Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | 5.4 |
| 2022-09-09 | CVE-2022-38067 | Unspecified vulnerability in Total-Soft Event Calendar Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | 5.3 |
| 2020-04-13 | CVE-2020-11673 | Missing Authentication for Critical Function vulnerability in Total-Soft Responsive Poll An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. | 9.8 |