Vulnerabilities > Wedevs

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-21	CVE-2021-24649	Unspecified vulnerability in Wedevs WP User Frontend The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). network low complexity wedevs critical	9.8
2022-04-04	CVE-2021-36826	Unspecified vulnerability in Wedevs WP Project Manager Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. network low complexity wedevs	5.4
2022-01-24	CVE-2021-25076	Unspecified vulnerability in Wedevs WP User Frontend The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. network low complexity wedevs	8.8
2021-05-17	CVE-2021-24292	Unspecified vulnerability in Wedevs Happy Addons for Elementor The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. network low complexity wedevs	5.4

Vulnerabilities > Wedevs {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wedevs"}]}