Vulnerabilities > Wedevs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-41236 | Cross-site Scripting vulnerability in Wedevs Happy Addons for Elementor Unauth. | 6.1 |
| 2023-08-30 | CVE-2023-34008 | Cross-site Scripting vulnerability in Wedevs WP ERP Unauth. | 6.1 |
| 2023-07-01 | CVE-2020-36748 | Unspecified vulnerability in Wedevs Dokan The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. | 4.3 |
| 2023-07-01 | CVE-2020-36735 | Unspecified vulnerability in Wedevs WP ERP The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. | 4.3 |
| 2023-06-27 | CVE-2023-2743 | Unspecified vulnerability in Wedevs WP ERP The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
| 2022-04-04 | CVE-2021-36826 | Cross-site Scripting vulnerability in Wedevs WP Project Manager Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | 5.4 |
| 2022-01-24 | CVE-2021-25076 | SQL Injection vulnerability in Wedevs WP User Frontend The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. | 6.5 |