171 matches found
CVE-2023-26525
CVE-2023-26525 concerns the WordPress Dokan plugin (Best WooCommerce Multivendor Marketplace) with an SQL Injection vulnerability in versions up to and including 3.7.12. The underlying issue is improper neutralization of input in SQL commands, exploitable by an authenticated attacker with vendor ...
PT-2023-20701 · Wedevs · Wedevs Dokan
Name of the Vulnerable Software and Affected Versions: weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy versions n/a through 3.7.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also...
CVE-2023-34382
The Dokan WordPress plugin (Dokan – Best WooCommerce Multivendor Marketplace Solution) is affected up to version 3.7.19. The issue is a PHP Object Injection due to insecure deserialization of untrusted data in the plugin’s codebase. This vulnerability can impact confidentiality, integrity, and av...
CVE-2023-49860
CVE-2023-49860 affects the WordPress plugin WP Project Manager – Task, team, and project management plugin (weDevs) up to version 2.6.7 . The vulnerability is an improper neutralization of input during web page generation, resulting in a stored Cross-Site Scripting (XSS) condition. Public referen...
PT-2023-31399 · Wedevs · Wedevs Wp Project Manager
Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts versions through 2.6.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known ...
CVE-2023-34383
A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through = 2.6.0...
CVE-2023-34383
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...
CVE-2023-34383 WordPress WP Project Manager plugin <= 2.6.0 - SQL Injection vulnerability
A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through = 2.6.0...
CVE-2023-34383
CVE-2023-34383 affects the WordPress plugin WP Project Manager (weDevs) up to version 2.6.0. It is a SQL Injection vulnerability caused by improper neutralization of input in SQL commands, leading to unauthorized data access or manipulation when exploited by authenticated users (Subscriber+). Pub...
PT-2023-24853 · Wedevs · Wedevs Wp Project Manager
Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 2.6.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2023-34008
Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...
CVE-2023-34008
CVE-2023-34008 affects the WordPress WP ERP plugin, with unauthenticated reflected Cross-Site Scripting (XSS) in versions
CVE-2023-34008 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...
CVE-2023-34008 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...
PT-2023-24627 · Wedevs · Wedevs Wp Erp
Name of the Vulnerable Software and Affected Versions: weDevs WP ERP plugin versions = 1.12.3 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized...
weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin
On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible...
CVE-2023-28989
Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...
CVE-2023-28989
CVE-2023-28989 is a CSRF vulnerability in the WordPress plugin Happy Addons for Elementor (weDevs) affecting versions