Vulnerabilities > Wpdevart

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-29	CVE-2022-47603	Unspecified vulnerability in Wpdevart Image and Video Gallery With Thumbnails Unauth. network low complexity wpdevart	6.1
2023-03-29	CVE-2022-47438	Unspecified vulnerability in Wpdevart Booking Calendar Auth. network low complexity wpdevart	5.4
2023-02-28	CVE-2023-23983	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Responsive Vertical Icon Menu Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. network low complexity wpdevart CWE-352	5.4
2023-02-23	CVE-2023-24384	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Organization Chart Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. network low complexity wpdevart CWE-352	8.8
2023-02-17	CVE-2023-24388	Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Booking Calendar Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). network low complexity wpdevart CWE-352	5.4
2023-02-13	CVE-2023-0177	Unspecified vulnerability in Wpdevart Social Like BOX and Page The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. network low complexity wpdevart	5.4
2022-12-12	CVE-2022-3982	Unspecified vulnerability in Wpdevart Booking Calendar The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE network low complexity wpdevart critical	9.8
2022-09-06	CVE-2022-34656	Unspecified vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. network low complexity wpdevart	4.8
2022-07-04	CVE-2022-1946	Unspecified vulnerability in Wpdevart Gallery The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue network low complexity wpdevart	6.1
2022-04-25	CVE-2022-0876	Unspecified vulnerability in Wpdevart Social Comments The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed network low complexity wpdevart	4.8

Vulnerabilities > Wpdevart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wpdevart"}]}

Vulnerabilities > Wpdevart