Vulnerabilities > Wpkube

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2023-37981 Cross-site Scripting vulnerability in Wpkube Authors List
Unauth.
network
low complexity
wpkube CWE-79
6.1
2023-06-07 CVE-2021-4362 Missing Authorization vulnerability in Wpkube Kiwi Social Share 2.1.0
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0.
network
low complexity
wpkube CWE-862
critical
9.8
2022-12-26 CVE-2022-4226 Unspecified vulnerability in Wpkube Simple Basic Contact Form
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
wpkube
4.8
2022-04-29 CVE-2022-29414 Cross-Site Request Forgery (CSRF) vulnerability in Wpkube Subscribe to Comments Reloaded
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
network
wpkube CWE-352
5.8
2021-11-29 CVE-2021-24745 Cross-site Scripting vulnerability in Wpkube About Author BOX
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
network
wpkube CWE-79
3.5
2021-11-01 CVE-2021-24682 Cross-site Scripting vulnerability in Wpkube Cool TAG Cloud
The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
network
wpkube CWE-79
3.5