Vulnerabilities > Wpexperts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2022-47181 | Unspecified vulnerability in Wpexperts Email Templates Customizer and Designer Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. | 8.8 |
| 2023-10-16 | CVE-2023-4798 | Unspecified vulnerability in Wpexperts User Avatar-Reloaded The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. | 5.4 |
| 2023-07-17 | CVE-2023-35038 | Unspecified vulnerability in Wpexperts WP PDF Generator Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. | 8.8 |
| 2023-07-17 | CVE-2023-3179 | Unspecified vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). | 8.8 |
| 2023-07-12 | CVE-2021-4422 | Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts Post Smtp Mailer The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. | 4.3 |
| 2023-07-12 | CVE-2023-3082 | Unspecified vulnerability in Wpexperts Post Smtp Mailer The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-06-23 | CVE-2023-32580 | Unspecified vulnerability in Wpexperts Password Protected 2.6.2 Auth. | 4.8 |
| 2023-06-07 | CVE-2019-25150 | Injection vulnerability in Wpexperts Email Templates The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. | 8.8 |
| 2023-06-05 | CVE-2023-0152 | Unspecified vulnerability in Wpexperts WP Multi Store Locator 2.4 The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2022-10-31 | CVE-2022-3237 | Unspecified vulnerability in Wpexperts WP Contact Slider The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |