Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-13	CVE-2024-52268	Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. network low complexity vektor-inc CWE-79	4.8
2024-07-20	CVE-2024-37956	Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. network low complexity vektor-inc	5.4
2023-05-23	CVE-2023-27926	Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. network low complexity vektor-inc CWE-79	5.4
2023-05-23	CVE-2023-28367	Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. network low complexity vektor-inc CWE-79	5.4
2023-03-20	CVE-2023-0937	Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers network low complexity vektor-inc	6.1
2023-02-27	CVE-2023-0230	Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. network low complexity vektor-inc	5.4