← Back

Viral Signup

viral_signup

Vendor: Wow Company • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-6926
1Wow Company
1Viral Signup
Oct 7, 2024
Sep 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2024-6927
1Wow Company
1Viral Signup
Oct 7, 2024
Aug 29, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less