Vulnerabilities > WP BUY
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2021-24194 | Unspecified vulnerability in Wp-Buy Login Protection - Limit Failed Login Attempts Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | 8.8 |
| 2021-05-14 | CVE-2021-24195 | Unspecified vulnerability in Wp-Buy Login AS User or Customer (User Switching) Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | 8.8 |
| 2019-08-30 | CVE-2019-15832 | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Buy Visitor Traffic Real Time Statistics The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | 8.8 |
| 2019-08-30 | CVE-2019-15831 | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Buy Visitor Traffic Real Time Statistics The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | 8.8 |