Kibokolabs

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4211 1Kibokolabs 1Chained Quiz Apr 8, 2026 Dec 2, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitizati...Show more The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2022-4210 1Kibokolabs 1Chained Quiz Apr 8, 2026 Dec 2, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization...Show more The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2022-4209 1Kibokolabs 1Chained Quiz Apr 8, 2026 Dec 2, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitizat...Show more The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2022-4208 1Kibokolabs 1Chained Quiz Apr 8, 2026 Dec 2, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitizatio...Show more The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2021-24690 1Kibokolabs 1Chained Quiz Nov 21, 2024 Oct 11, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.
CVE-2021-38358 1Kibokolabs 1Moolamojo Nov 21, 2024 Sep 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in vers...Show more The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.Show less
CVE-2021-38317 1Kibokolabs 1Konnichiwa Nov 21, 2024 Sep 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in...Show more The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.Show less
CVE-2018-14502 1Kibokolabs 1Chained Quiz Nov 21, 2024 Mar 10, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
CVE-2020-7104 1Kibokolabs 1Chained Quiz Nov 21, 2024 Jan 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
CVE-2015-9418 1Kibokolabs 1Watupro Nov 21, 2024 Sep 26, 2019 N/A· v4 4.3 MEDIUM· v3 5.8 MEDIUM· v2 The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
CVE-2016-10892 1Kibokolabs 1Chained Quiz Nov 21, 2024 Aug 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.
CVE-2019-12345 1Kibokolabs 1Hostel Nov 21, 2024 May 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.
CVE-2018-1002009 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.Show less
CVE-2018-1002008 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4:...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.Show less
CVE-2018-1002007 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-fo...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.Show less
CVE-2018-1002006 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
CVE-2018-1002005 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
CVE-2018-1002004 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002003 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002002 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Previous 1 234 Next