Vulnerabilities > Wpexperts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-21 | CVE-2024-13713 | SQL Injection vulnerability in Wpexperts Givewp Square The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-02-18 | CVE-2025-0521 | Cross-site Scripting vulnerability in Wpexperts Post Smtp The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-01-27 | CVE-2025-24680 | Cross-site Scripting vulnerability in Wpexperts WP Multi Store Locator 2.4 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. | 6.1 |
| 2025-01-04 | CVE-2024-12475 | Cross-site Scripting vulnerability in Wpexperts WP Multi Store Locator 2.4 The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-18 | CVE-2024-52436 | SQL Injection vulnerability in Wpexperts Post Smtp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9. | 7.2 |
| 2024-07-12 | CVE-2024-4753 | Cross-site Scripting vulnerability in Wpexperts WP Secure Maintenance The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
| 2024-06-11 | CVE-2023-52233 | Unspecified vulnerability in Wpexperts Post Smtp Mailer Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | 9.8 |
| 2024-03-19 | CVE-2024-29128 | Unspecified vulnerability in Wpexperts Post Smtp Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6. | 6.1 |
| 2024-03-17 | CVE-2024-27959 | Unspecified vulnerability in Wpexperts WC Shop Sync Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9. | 6.1 |
| 2024-02-29 | CVE-2024-0656 | Cross-site Scripting vulnerability in Wpexperts Password Protected 2.6.2 The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. | 4.8 |