Vulnerabilities > Wpdevart > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2022-47428 | Unspecified vulnerability in Wpdevart Booking Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | 9.8 |
| 2022-12-12 | CVE-2022-3982 | Unspecified vulnerability in Wpdevart Booking Calendar The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE | 9.8 |
| 2021-07-12 | CVE-2021-24442 | Unspecified vulnerability in Wpdevart Poll, Survey, Questionnaire and Voting System The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks | 9.8 |
| 2017-09-25 | CVE-2017-14125 | SQL Injection vulnerability in Wpdevart Responsive Image Gallery Album SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | 9.8 |