High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-05	CVE-2023-52149	Unspecified vulnerability in Wow-Company Floating Button Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. network low complexity wow-company	8.8
2023-12-18	CVE-2023-49155	Unspecified vulnerability in Wow-Company Button Generator Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8. network low complexity wow-company	8.8
2023-11-12	CVE-2023-27418	Unspecified vulnerability in Wow-Company Side Menu Lite Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions. network low complexity wow-company	8.8
2022-08-01	CVE-2022-2245	Unspecified vulnerability in Wow-Company Counter BOX The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks network low complexity wow-company	8.8
2022-05-20	CVE-2022-29447	Files or Directories Accessible to External Parties vulnerability in Wow-Company Hover Effects Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. network low complexity wow-company CWE-552	7.2
2022-05-19	CVE-2022-29446	Files or Directories Accessible to External Parties vulnerability in Wow-Company Counter BOX 1.0/1.1/1.1.1 Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. network low complexity wow-company CWE-552	7.2
2022-03-28	CVE-2021-25064	Unspecified vulnerability in Wow-Company WOW Countdowns 3.1.2 The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. network low complexity wow-company	7.2
2022-01-10	CVE-2021-25051	Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. network low complexity wow-company CWE-352	8.8
2022-01-10	CVE-2021-25052	Unspecified vulnerability in Wow-Company Button Generator The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. network low complexity wow-company	8.8
2022-01-10	CVE-2021-25053	Unspecified vulnerability in Wow-Company WP Coder The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. network low complexity wow-company	8.8