Vulnerabilities > Wedevs

DATE CVE VULNERABILITY TITLE RISK
2023-06-27 CVE-2023-2743 Unspecified vulnerability in Wedevs WP ERP
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin.
network
low complexity
wedevs
6.1
2023-06-27 CVE-2023-2744 Unspecified vulnerability in Wedevs WP ERP
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.
network
low complexity
wedevs
7.2
2022-12-12 CVE-2022-3915 Unspecified vulnerability in Wedevs Dokan
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
network
low complexity
wedevs
critical
9.8
2022-11-21 CVE-2021-24649 Unspecified vulnerability in Wedevs WP User Frontend
The WP User Frontend WordPress plugin before 3.5.29 uses a user-supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption().
network
low complexity
wedevs
critical
9.8
2022-04-04 CVE-2021-36826 Unspecified vulnerability in Wedevs WP Project Manager
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.
network
low complexity
wedevs
5.4
2022-01-24 CVE-2021-25076 Unspecified vulnerability in Wedevs WP User Frontend
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection.
network
low complexity
wedevs
8.8
2021-05-17 CVE-2021-24292 Unspecified vulnerability in Wedevs Happy Addons for Elementor
The Happy Addons for Elementor WordPress plugin before 2.24.0 and the Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter.
network
low complexity
wedevs
5.4