Vulnerabilities > Wpchill > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-11-01 | CVE-2024-47362 | Missing Authorization vulnerability in Wpchill Strong Testimonials | Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through 3.1.16. | 8.8 |
2024-11-01 | CVE-2024-49256 | Incorrect Authorization vulnerability in Wpchill Htaccess File Editor | Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18. | 8.8 |
2024-10-16 | CVE-2022-4972 | Missing Authorization vulnerability in Wpchill Download Monitor | The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. | 7.5 |
2024-01-08 | CVE-2022-45354 | Unspecified vulnerability in Wpchill Download Monitor | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60. | 7.5 |
2024-01-05 | CVE-2023-52123 | Unspecified vulnerability in Wpchill Strong Testimonials | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10. | 8.8 |
2023-12-20 | CVE-2023-34007 | Unspecified vulnerability in Wpchill Download Monitor | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. | 8.8 |
2022-08-23 | CVE-2022-36292 | Unspecified vulnerability in Wpchill Gallery Photoblocks 1.2.6 | Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | 8.8 |
2022-01-03 | CVE-2021-24786 | SQL Injection vulnerability in Wpchill Download Monitor | The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue. | 7.2 |
2021-10-25 | CVE-2021-24774 | SQL Injection vulnerability in Wpchill Check & LOG Email | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues. | 7.2 |