Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wonderplugin Security Vulnerabilities

cve
cve

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to e...

8.3AI Score

0.004EPSS

2015-03-03 07:59 PM
26
cve
cve

CVE-2021-24540

The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-16 11:15 AM
28
cve
cve

CVE-2021-24541

The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-16 11:15 AM
38
cve
cve

CVE-2024-24877

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.

7.1CVSS

6.9AI Score

0.0005EPSS

2024-02-08 01:15 PM
22