Vulnerabilities > Wpdevart

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-06	CVE-2023-23972	Cross-site Scripting vulnerability in Wpdevart Social Like BOX and Page Auth. network low complexity wpdevart CWE-79	4.8
2023-04-04	CVE-2023-23870	Cross-site Scripting vulnerability in Wpdevart Responsive Vertical Icon Menu Auth. network low complexity wpdevart CWE-79	4.8
2023-03-29	CVE-2022-47603	Cross-site Scripting vulnerability in Wpdevart Image and Video Gallery With Thumbnails Unauth. network low complexity wpdevart CWE-79	6.1
2023-03-29	CVE-2022-47438	Cross-site Scripting vulnerability in Wpdevart Booking Calendar Auth. network low complexity wpdevart CWE-79	5.4
2023-02-28	CVE-2023-23983	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Responsive Vertical Icon Menu Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. network low complexity wpdevart CWE-352	5.4
2023-02-23	CVE-2023-24384	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Organization Chart Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. network low complexity wpdevart CWE-352	8.8
2023-02-17	CVE-2023-24388	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Booking Calendar Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). network low complexity wpdevart CWE-352	5.4
2023-02-13	CVE-2023-0177	Unspecified vulnerability in Wpdevart Social Like BOX and Page The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. network low complexity wpdevart	5.4
2022-12-12	CVE-2022-3982	Unspecified vulnerability in Wpdevart Booking Calendar The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE network low complexity wpdevart critical	9.8
2022-07-04	CVE-2022-1946	Cross-site Scripting vulnerability in Wpdevart Gallery The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue network wpdevart CWE-79	4.3

Vulnerabilities > Wpdevart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wpdevart"}]}

Vulnerabilities > Wpdevart