Vulnerabilities > Vektor INC > VK ALL IN ONE Expansion Unit > 9.86.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-05-23 CVE-2023-27926 Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
vektor-inc CWE-79
5.4
5.4
2023-05-23 CVE-2023-28367 Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit
Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
vektor-inc CWE-79
5.4
5.4
2023-03-20 CVE-2023-0937 Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
network
low complexity
vektor-inc
6.1
6.1