Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
awplife vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-3336
The Event Monster WordPress plugin prior to 1.2.0 does not have CSRF check when deleting visitors, which could allow malicious users to make logged in admin delete arbitrary visitors via a CSRF attack
Awplife Event Monster
5.4
CVSSv3
CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au...
Awplife Blog Filter
5.4
CVSSv3
CVE-2023-5295
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...
Awplife Blog Filter
8.8
CVSSv3
CVE-2023-23646
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
Awplife Album Gallery
7.2
CVSSv3
CVE-2022-3720
The Event Monster WordPress plugin prior to 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
Awplife Event Monster
5.4
CVSSv3
CVE-2021-24529
The Grid Gallery – Photo Image Grid Gallery WordPress plugin prior to 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.
Awplife Grid Gallery
5.4
CVSSv3
CVE-2021-24683
The Weather Effect WordPress plugin prior to 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
Awplife Weather Effect
4.8
CVSSv3
CVE-2021-24709
The Weather Effect WordPress plugin prior to 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
Awplife Weather Effect
5.4
CVSSv3
CVE-2023-47525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster – Event Management, Tickets B...
Awplife Event Monster
9.8
CVSSv3
CVE-2019-17072
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
Awplife Contact Form Widget 1.0.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started