Vulnerabilities > Wpmanageninja
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6953 | Cross-site Scripting vulnerability in Wpmanageninja PDF Generator for Fluent Forms The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-12-31 | CVE-2023-51547 | SQL Injection vulnerability in Wpmanageninja Fluent Support Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6. | 7.2 |
| 2023-07-12 | CVE-2023-3087 | Unspecified vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-06-09 | CVE-2023-1430 | Unspecified vulnerability in Wpmanageninja Fluentcrm The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. | 3.7 |
| 2023-05-25 | CVE-2022-47136 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmanageninja Ninja Tables Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | 8.8 |
| 2023-05-10 | CVE-2022-47137 | Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables Auth. | 4.8 |
| 2023-03-13 | CVE-2023-0219 | Cross-site Scripting vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. | 5.4 |
| 2023-01-23 | CVE-2022-4746 | Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | 7.5 |
| 2022-02-01 | CVE-2021-24900 | Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 3.5 |
| 2021-08-30 | CVE-2021-24528 | Cross-site Scripting vulnerability in Wpmanageninja Fluentsmtp The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. | 3.5 |