Vulnerabilities > Wpwax

DATE CVE VULNERABILITY TITLE RISK
2022-07-22 CVE-2022-34650 Unspecified vulnerability in Wpwax Team
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
network
low complexity
wpwax
5.4
2022-07-22 CVE-2022-34853 Unspecified vulnerability in Wpwax Team
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
network
low complexity
wpwax
5.4
2022-06-20 CVE-2022-1266 Unspecified vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
low complexity
wpwax
4.8
2021-12-21 CVE-2021-24981 Unspecified vulnerability in Wpwax Directorist
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.
network
high complexity
wpwax
7.5