Vulnerabilities > Vsourz
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-22 | CVE-2024-37245 | Cross-site Scripting vulnerability in Vsourz ALL in ONE Redirection Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0. | 6.1 |
2023-11-12 | CVE-2023-28167 | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz CF7 Invisible Recaptcha Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions. | 8.8 |
2023-07-10 | CVE-2023-2493 | Unspecified vulnerability in Vsourz ALL in ONE Redirection The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-02-13 | CVE-2022-45285 | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB 1.7.2/1.9.1 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-05-25 | CVE-2022-29408 | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.3 |
2022-03-21 | CVE-2021-24905 | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. | 8.0 |
2019-09-09 | CVE-2018-21012 | Cross-site Scripting vulnerability in Vsourz CF7 Invisible Recaptcha The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | 6.1 |
2019-07-29 | CVE-2019-13571 | SQL Injection vulnerability in Vsourz Advanced CF7 DB A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. | 9.8 |