← Back

Dev4press

dev4press

12 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Gd Bbpress Attachments
gd_bbpress_attachments
3 CVEs
Gd Star Rating
gd_star_rating
2 CVEs
Gd Rating System
gd_rating_system
2 CVEs
Gd Security Headers
gd_security_headers
2 CVEs
Coreactivity
coreactivity
2 CVEs
Gd Mail Queue
gd_mail_queue
1 CVE

CVEs (12)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-0852
1Dev4press
1Coreactivity
Nov 13, 2025
May 15, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against h...Show more
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as adminShow less
CVE-2024-0868
1Dev4press
1Coreactivity
Jun 17, 2025
Apr 17, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value
CVE-2024-25093
1Dev4press
1Gd Rating System
Apr 28, 2026
Feb 29, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5.
CVE-2023-46821
1Dev4press
1Gd Security Headers
Apr 28, 2026
Nov 6, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/...Show more
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.Show less
CVE-2023-40330
1Dev4press
1Gd Security Headers
Nov 21, 2024
Sep 27, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions.
CVE-2023-3122
1Dev4press
1Gd Mail Queue
Apr 8, 2026
Jul 12, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it pos...Show more
The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2022-45816
1Dev4press
1Gd Bbpress Attachments
Nov 21, 2024
Dec 6, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.
CVE-2017-18591
1Dev4press
1Gd Rating System
Apr 23, 2025
Aug 27, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
CVE-2015-5482
1Dev4press
1Gd Bbpress Attachments
May 6, 2026
Aug 18, 2015
N/A· v4
N/A· v3
4.0 MEDIUM· v2
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdb...Show more
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.Show less
CVE-2015-5481
1Dev4press
1Gd Bbpress Attachments
May 6, 2026
Aug 18, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbp...Show more
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.Show less
CVE-2014-2839
1Dev4press
1Gd Star Rating
May 6, 2026
Jan 12, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
CVE-2014-2838
1Dev4press
1Gd Star Rating
May 6, 2026
Jan 12, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injectio...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.Show less