← Back

Tipsandtricks Hq

tipsandtricks-hq

75 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Wp Affiliate Platform
wp_affiliate_platform
11 CVEs
All In One Wp Security & Firewall
all_in_one_wp_security_&_firewall
10 CVEs
Wp Emember
wp_emember
10 CVEs
Simple Download Monitor
simple_download_monitor
9 CVEs
Wp Estore
wp_estore
8 CVEs
Wordpress Simple Paypal Shopping Cart
wordpress_simple_paypal_shopping_cart
7 CVEs
Category Specific Rss Feed Subscription
category_specific_rss_feed_subscription
3 CVEs
Software License Manager
software_license_manager
3 CVEs
Wp Video Lightbox
wp_video_lightbox
3 CVEs
Compact Wp Audio Player
compact_wp_audio_player
3 CVEs
Wp Security & Firewall
wp_security_&_firewall
1 CVE
Far Future Expiry Header
far_future_expiry_header
1 CVE
Wp Simple Adsense Insertion
wp_simple_adsense_insertion
1 CVE
Accept Stripe
accept_stripe
1 CVE
Donations Via Paypal
donations_via_paypal
1 CVE
Easy Accept Payments For Paypal
easy_accept_payments_for_paypal
1 CVE
Wp Express Checkout
wp_express_checkout
1 CVE
Simple Photo Gallery
simple_photo_gallery
1 CVE

CVEs (75)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-3890
1Tipsandtricks Hq
1Wordpress Simple Paypal Shopping Cart
May 6, 2025
May 1, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanit...Show more
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2025-3889
1Tipsandtricks Hq
1Wordpress Simple Paypal Shopping Cart
May 6, 2025
May 1, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user con...Show more
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.Show less
CVE-2025-3874
1Tipsandtricks Hq
1Wordpress Simple Paypal Shopping Cart
May 6, 2025
May 1, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it p...Show more
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.Show less
CVE-2024-6136
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6134
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6133
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5081
1Tipsandtricks Hq
1Wp Emember
Jun 9, 2025
Aug 5, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a C...Show more
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-5285
1Tipsandtricks Hq
1Wp Affiliate Platform
Jul 7, 2025
Jul 29, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack
CVE-2024-6076
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6075
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6074
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6073
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6072
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old we...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersShow less
CVE-2024-5744
1Tipsandtricks Hq
1Wp Emember
May 16, 2025
Jul 13, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2024-5715
1Tipsandtricks Hq
1Wp Emember
May 20, 2025
Jul 13, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users s...Show more
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5287
1Tipsandtricks Hq
1Wp Affiliate Platform
May 19, 2025
Jul 13, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack
CVE-2024-5286
1Tipsandtricks Hq
1Wp Affiliate Platform
May 19, 2025
Jul 13, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privile...Show more
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5284
1Tipsandtricks Hq
1Wp Affiliate Platform
May 19, 2025
Jul 13, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payload...Show more
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-5283
1Tipsandtricks Hq
1Wp Affiliate Platform
May 19, 2025
Jul 13, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privile...Show more
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5282
1Tipsandtricks Hq
1Wp Affiliate Platform
May 19, 2025
Jul 13, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privile...Show more
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less