Vulnerabilities > Total Soft

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-8625 SQL Injection vulnerability in Total-Soft TS Poll
The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
network
low complexity
total-soft CWE-89
7.2
2024-10-10 CVE-2024-9022 SQL Injection vulnerability in Total-Soft TS Poll
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
total-soft CWE-89
7.2
2023-11-06 CVE-2023-45069 SQL Injection vulnerability in Total-Soft Video Gallery
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.
network
low complexity
total-soft CWE-89
critical
9.8
2023-05-03 CVE-2023-25979 Unspecified vulnerability in Total-Soft Video Gallery
Auth.
network
low complexity
total-soft
4.8
2022-09-21 CVE-2022-36390 Unspecified vulnerability in Total-Soft Event Calendar
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
network
low complexity
total-soft
5.4
2022-09-09 CVE-2022-38067 Unspecified vulnerability in Total-Soft Event Calendar
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
network
low complexity
total-soft
5.3
2020-04-13 CVE-2020-11673 Missing Authentication for Critical Function vulnerability in Total-Soft Responsive Poll
An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress.
network
low complexity
total-soft CWE-306
critical
9.8