Vulnerabilities > Wpwax > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2024-13409 | Unspecified vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. | 8.8 |
| 2024-03-15 | CVE-2023-50886 | Unspecified vulnerability in Wpwax Legal Pages Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. | 8.0 |
| 2023-11-22 | CVE-2023-47824 | Unspecified vulnerability in Wpwax Legal Pages Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. | 8.8 |
| 2023-11-07 | CVE-2023-41798 | Unspecified vulnerability in Wpwax Directorist Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | 8.8 |
| 2023-06-09 | CVE-2023-1888 | Improper Input Validation vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. | 8.8 |
| 2021-12-21 | CVE-2021-24981 | Unspecified vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. | 7.5 |