Vulnerabilities > WOW Company > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-6926 | SQL Injection vulnerability in Wow-Company Viral Signup The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | 9.8 |
| 2024-06-04 | CVE-2024-35629 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wow-Company Easy Digital Downloads 1.0.2 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | 9.8 |