Vulnerabilities > Weblizar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2022-1609 | Code Injection vulnerability in Weblizar School Management The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | 9.8 |
| 2023-11-06 | CVE-2022-46849 | SQL Injection vulnerability in Weblizar Responsive Coming Soon & Maintenance Mode Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | 9.8 |
| 2023-11-06 | CVE-2022-47430 | SQL Injection vulnerability in Weblizar School Management - Education & Learning Management Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | 9.8 |
| 2022-06-27 | CVE-2017-20098 | Cross-site Scripting vulnerability in Weblizar Admin Custom Login 2.4.5.2 A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. | 4.8 |
| 2021-08-02 | CVE-2021-34628 | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Admin Custom Login The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. | 8.8 |
| 2019-08-29 | CVE-2019-15781 | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Social Likebox & Feed The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | 8.8 |
| 2018-01-13 | CVE-2018-5656 | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Pinterest-Feeds 1.1.1 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. | 8.8 |
| 2018-01-13 | CVE-2018-5655 | Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. | 6.1 |
| 2018-01-13 | CVE-2018-5654 | Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. | 6.1 |
| 2018-01-13 | CVE-2018-5653 | Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. | 6.1 |