Social Locker

social_locker

Vendor: Byonepress • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1608 1Byonepress 1Social Locker Jun 17, 2026 Jun 13, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2015-9425 1Byonepress 1Social Locker Nov 21, 2024 Sep 26, 2019 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.