All In One Wp Security & Firewall

all_in_one_wp_security_&_firewall

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-44737 1Tipsandtricks Hq 1All In One Wp Security & Firewall Apr 28, 2026 Nov 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
CVE-2021-25102 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 May 2, 2022 N/A· v4 4.7 MEDIUM· v3 2.6 LOW· v2 The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute,...Show more The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the riskShow less
CVE-2016-10888 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
CVE-2016-10887 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVE-2015-9310 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
CVE-2016-10867 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
CVE-2016-10866 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
CVE-2016-10868 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
CVE-2015-9294 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
CVE-2015-9293 1Tipsandtricks Hq 1All In One Wp Security & Firewall Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.