The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
6.1CVSS
6AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
6.1CVSS
6AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
9.8CVSS
9.9AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
6.1CVSS
6.1AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
6.1CVSS
6AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
6.1CVSS
6AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
9.8CVSS
10AI Score
0.001EPSS
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
9.8CVSS
10AI Score
0.001EPSS
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirec...
4.7CVSS
4.4AI Score
0.001EPSS
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) β Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
8.8CVSS
8.9AI Score
0.001EPSS