Vk All In One Expansion Unit Security Vulnerabilities and Issues — Vk All In One Expansion Unit CVE List

Lucene search

Vektor-incVk All In One Expansion Unit

8 matches found

CVE•added 2024/04/09 7:15 p.m.•68 views

CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.

6.5CVSS7AI score0.01093EPSS

CVE•added 2023/03/20 4:15 p.m.•61 views

CVE-2023-0937

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1CVSS6.1AI score0.00199EPSS

CVE•added 2023/05/23 2:15 a.m.•59 views

CVE-2023-28367

Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.

5.4CVSS5.4AI score0.00518EPSS

CVE•added 2024/11/13 6:15 a.m.•52 views

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.

4.8CVSS6.7AI score0.00083EPSS

CVE•added 2023/02/27 4:15 p.m.•50 views

CVE-2023-0230

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS5.3AI score0.00186EPSS

CVE•added 2024/03/26 5:15 a.m.•49 views

CVE-2024-2170

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it...

6.4CVSS6AI score0.00094EPSS

CVE•added 2023/05/23 2:15 a.m.•48 views

CVE-2023-27926

Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.

5.4CVSS5.4AI score0.00668EPSS

CVE•added 2024/07/20 9:15 a.m.•38 views

CVE-2024-37956

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.

6.5CVSS6.7AI score0.00115EPSS