Vulnerabilities > Wppool

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-26535 Cross-Site Request Forgery (CSRF) vulnerability in Wppool Sheets to WP Table Live Sync
Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.
network
low complexity
wppool CWE-352
8.8
2023-03-27 CVE-2023-0467 Path Traversal vulnerability in Wppool WP Dark Mode
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template.
network
low complexity
wppool CWE-22
4.3
2023-02-21 CVE-2022-4714 Unspecified vulnerability in Wppool WP Dark Mode
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack
network
low complexity
wppool
5.4