4 matches found
CVE-2026-13262
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2023-48768
Cross-Site Request Forgery CSRF vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...
PT-2024-27597 · Helloasso · Helloasso
Name of the Vulnerable Software and Affected Versions: HelloAsso versions 1.1.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...
CVE-2023-31229
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9...