Tips And Tricks HQ Security Vulnerabilities
Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through...
7.5CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through...
5.3CVSS
7.1AI Score
0.0004EPSS
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through...
7.5CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through...
9.8CVSS
9.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database β Insert CSV file content into WordPress plugin <= 2.6...
7.5CVSS
7.6AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2...
5.9CVSS
4.9AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified...
8.8CVSS
8.8AI Score
0.002EPSS
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted...
8.8CVSS
9.1AI Score
0.002EPSS
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified...
6.1CVSS
6.3AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status...
7.3AI Score
0.002EPSS
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged...
8.3AI Score
0.002EPSS