Wowonder Security Vulnerabilities and Issues — Wowonder CVE List

Lucene search

WowonderWowonder

6 matches found

CVE•added 2022/11/15 12:15 a.m.•85 views

CVE-2022-42984

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.

9.8CVSS9.8AI score0.00341EPSS

CVE•added 2022/03/27 5:15 p.m.•59 views

CVE-2022-26254

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.

5.3CVSS5.5AI score0.0021EPSS

CVE•added 2022/05/17 6:15 a.m.•55 views

CVE-2022-1753

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might re...

5.4CVSS4.8AI score0.00212EPSS

CVE•added 2022/11/15 12:15 a.m.•54 views

CVE-2022-40405

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs.

7.5CVSS7.8AI score0.00078EPSS

CVE•added 2021/06/11 6:15 p.m.•46 views

CVE-2021-27200

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

9.8CVSS9.4AI score0.03045EPSS

CVE•added 2021/03/18 3:15 p.m.•35 views

CVE-2021-26935

In WoWonder

7.5CVSS7.9AI score0.00581EPSS