Vulnerabilities > Wedevs

DATE CVE VULNERABILITY TITLE RISK
2024-11-02 CVE-2024-8739 Cross-site Scripting vulnerability in Wedevs Recaptcha Integration
The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
network
low complexity
wedevs CWE-79
6.1
2024-10-29 CVE-2024-47640 Cross-site Scripting vulnerability in Wedevs WP ERP
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2.
network
low complexity
wedevs CWE-79
6.1
2024-09-25 CVE-2024-8801 Unspecified vulnerability in Wedevs Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget.
network
low complexity
wedevs
4.3
2024-08-29 CVE-2024-38693 SQL Injection vulnerability in Wedevs WP User Frontend
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
network
low complexity
wedevs CWE-89
7.2
2024-06-29 CVE-2024-5790 Cross-site Scripting vulnerability in Wedevs Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping.
network
low complexity
wedevs CWE-79
5.4
2024-06-11 CVE-2024-34822 Unspecified vulnerability in Wedevs Wemail 1.14.2
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.
network
low complexity
wedevs
5.3
2024-06-11 CVE-2023-52217 Unspecified vulnerability in Wedevs Woocommerce Conversion Tracking
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
network
low complexity
wedevs
6.3
2024-01-16 CVE-2022-3194 Cross-site Scripting vulnerability in Wedevs Dokan
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
network
low complexity
wedevs CWE-79
5.4
2024-01-11 CVE-2023-6632 Cross-site Scripting vulnerability in Wedevs Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping.
network
low complexity
wedevs CWE-79
6.1
2024-01-08 CVE-2024-21747 Unspecified vulnerability in Wedevs WP ERP
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.
network
low complexity
wedevs
4.9