Vulnerabilities > Wpwax
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2025-1570 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wpwax Directorist The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. | 9.8 |
| 2025-02-01 | CVE-2024-12041 | Unspecified vulnerability in Wpwax Directorist The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. | 5.3 |
| 2025-01-27 | CVE-2025-24782 | PHP Remote File Inclusion vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. | 8.8 |
| 2025-01-24 | CVE-2024-13409 | Unspecified vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. | 8.8 |
| 2024-03-27 | CVE-2024-29925 | Unspecified vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. | 5.4 |
| 2024-03-15 | CVE-2023-50886 | Unspecified vulnerability in Wpwax Legal Pages Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. | 8.0 |
| 2024-03-13 | CVE-2024-1950 | Deserialization of Untrusted Data vulnerability in Wpwax Product Carousel Slider & Grid Ultimate for Woocommerce The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. | 8.8 |
| 2024-03-13 | CVE-2024-2006 | Deserialization of Untrusted Data vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. | 8.8 |
| 2024-01-16 | CVE-2023-2252 | Path Traversal vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | 2.7 |
| 2023-11-22 | CVE-2023-47824 | Unspecified vulnerability in Wpwax Legal Pages Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. | 8.8 |