← Back

Awplife

awplife

22 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Event Monster
event_monster
6 CVEs
Weather Effect
weather_effect
2 CVEs
Album Gallery
album_gallery
2 CVEs
Blog Filter
blog_filter
2 CVEs
Slider Responsive Slideshow
slider_responsive_slideshow
2 CVEs
Formula
formula
2 CVEs
Contact Form Widget
contact_form_widget
1 CVE
Grid Gallery
grid_gallery
1 CVE
Coming Soon Maintenance Mode
coming_soon_maintenance_mode
1 CVE
Profile Box Shortcode And Widget
profile_box_shortcode_and_widget
1 CVE
Media Slider
media_slider
1 CVE
Image Gallery
image_gallery
1 CVE

CVEs (22)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-11396
1Awplife
1Event Monster
Jun 5, 2025
Jan 14, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the e...Show more
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.Show less
CVE-2024-5059
1Awplife
1Event Monster
Nov 21, 2024
Jun 21, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0.
CVE-2024-35722
1Awplife
1Slider Responsive Slideshow
Nov 21, 2024
Jun 10, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.
CVE-2024-35721
1Awplife
1Image Gallery
Nov 21, 2024
Jun 10, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery:...Show more
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.Show less
CVE-2024-35720
1Awplife
1Album Gallery
Nov 21, 2024
Jun 10, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
CVE-2024-35717
1Awplife
1Media Slider
Nov 21, 2024
Jun 10, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: f...Show more
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9.Show less
CVE-2024-5638
1Awplife
1Formula
Apr 8, 2026
Jun 8, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due...Show more
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-5613
1Awplife
1Formula
Apr 8, 2026
Jun 8, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insu...Show more
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-1895
1Awplife
1Event Monster
Apr 8, 2026
Apr 30, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted...Show more
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.Show less
CVE-2024-1401
1Awplife
1Profile Box Shortcode And Widget
May 5, 2025
Mar 19, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev...Show more
The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-1859
1Awplife
1Slider Responsive Slideshow
Apr 8, 2026
Mar 1, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_s...Show more
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.Show less
CVE-2024-1475
1Awplife
1Coming Soon Maintenance Mode
Apr 8, 2026
Feb 29, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to...Show more
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.Show less
CVE-2023-47525
1Awplife
1Event Monster
Apr 28, 2026
Dec 21, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.Show less
CVE-2023-5291
1Awplife
1Blog Filter
Apr 8, 2026
Oct 4, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user...Show more
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-5295
1Awplife
1Blog Filter
Apr 8, 2026
Sep 30, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Comments by Startbit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on...Show more
The Comments by Startbit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-23646
1Awplife
1Album Gallery
Nov 21, 2024
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
CVE-2022-3720
1Awplife
1Event Monster
Apr 30, 2025
Nov 21, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users
CVE-2022-3336
1Awplife
1Event Monster
Apr 30, 2025
Nov 21, 2022
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack
CVE-2021-24709
1Awplife
1Weather Effect
Nov 21, 2024
Oct 11, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
CVE-2021-24683
1Awplife
1Weather Effect
Nov 21, 2024
Oct 11, 2021
N/A· v4
5.4 MEDIUM· v3
4.3 MEDIUM· v2
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.