Vulnerabilities > Wowonder
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-40405 | SQL Injection vulnerability in Wowonder 4.1.2 WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | 7.5 |
| 2022-11-15 | CVE-2022-42984 | SQL Injection vulnerability in Wowonder 4.1.4 WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | 9.8 |
| 2022-05-17 | CVE-2022-1753 | Incorrect Authorization vulnerability in Wowonder A vulnerability, which was classified as critical, was found in WoWonder. | 4.3 |
| 2022-03-27 | CVE-2022-26254 | Authorization Bypass Through User-Controlled Key vulnerability in Wowonder 4.0 WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. | 5.3 |
| 2021-06-11 | CVE-2021-27200 | Use of Insufficiently Random Values vulnerability in Wowonder 3.0.4 In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. | 9.8 |
| 2021-03-18 | CVE-2021-26935 | SQL Injection vulnerability in Wowonder In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. | 7.5 |