Vulnerabilities > Wpwave

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2022-4681 Unspecified vulnerability in Wpwave Hide MY WP 6.2.3
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
wpwave
critical
9.8
2021-11-24 CVE-2021-36916 SQL Injection vulnerability in Wpwave Hide MY WP 6.2.3
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query.
network
low complexity
wpwave CWE-89
critical
9.8
2021-11-24 CVE-2021-36917 Missing Authorization vulnerability in Wpwave Hide MY WP 6.2.3
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user.
network
low complexity
wpwave CWE-862
7.5