Vulnerabilities > Weblizar

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-1609 Code Injection vulnerability in Weblizar School Management
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
network
low complexity
weblizar CWE-94
critical
9.8
2023-11-06 CVE-2022-46849 Unspecified vulnerability in Weblizar Responsive Coming Soon & Maintenance Mode
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.
network
low complexity
weblizar
critical
9.8
2023-11-06 CVE-2022-47430 Unspecified vulnerability in Weblizar School Management - Education & Learning Management
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.
network
low complexity
weblizar
critical
9.8
2022-06-27 CVE-2017-20098 Cross-site Scripting vulnerability in Weblizar Admin Custom Login 2.4.5.2
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2.
network
low complexity
weblizar CWE-79
4.8
2021-08-02 CVE-2021-34628 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Admin Custom Login
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
network
low complexity
weblizar CWE-352
8.8
2019-08-29 CVE-2019-15781 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Social Likebox & Feed
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
network
low complexity
weblizar CWE-352
8.8
2018-01-13 CVE-2018-5656 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar Pinterest-Feeds 1.1.1
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress.
network
low complexity
weblizar CWE-352
8.8
2018-01-13 CVE-2018-5655 Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress.
network
low complexity
weblizar CWE-79
6.1
2018-01-13 CVE-2018-5654 Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress.
network
low complexity
weblizar CWE-79
6.1
2018-01-13 CVE-2018-5653 Cross-site Scripting vulnerability in Weblizar Pinterest-Feeds 1.1.1
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress.
network
low complexity
weblizar CWE-79
6.1