Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
veronalabs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6980
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete...
Veronalabs Wp Sms
NA
CVE-2023-6981
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied...
Veronalabs Wp Sms
NA
CVE-2023-27447
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, Grav...
Veronalabs Wp Sms
NA
CVE-2023-0955
The WP Statistics WordPress plugin prior to 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a setti...
Veronalabs Wp Statistics
5
CVSSv2
CVE-2022-0651
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL q...
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2022-1005
The WP Statistics WordPress plugin prior to 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
Veronalabs Wp Statistics
NA
CVE-2022-38074
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2022-25305
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows malicious users to inject arbitrary web scripts onto several pages that ...
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2022-25306
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows malicious users to inject arbitrary web scripts onto several p...
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2022-25307
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows malicious users to inject arbitrary web scripts onto several pag...
Veronalabs Wp Statistics
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »