Tipsandtricks Hq

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5281 1Tipsandtricks Hq 1Wp Affiliate Platform May 19, 2025 Jul 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privile...Show more The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5280 1Tipsandtricks Hq 1Wp Affiliate Platform May 19, 2025 Jul 13, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS pay...Show more The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attackShow less
CVE-2024-5080 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server
CVE-2024-5079 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks
CVE-2024-5077 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CS...Show more The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-5076 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-5075 1Tipsandtricks Hq 1Wp Emember May 6, 2025 Jul 13, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users s...Show more The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5074 1Tipsandtricks Hq 1Wp Emember May 2, 2025 Jul 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users s...Show more The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-4749 1Tipsandtricks Hq 1Wp Emember Jun 17, 2025 Jun 4, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2023-6497 1Tipsandtricks Hq 1Wordpress Simple Paypal Shopping Cart Apr 8, 2026 Jan 27, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization...Show more The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2022-47588 1Tipsandtricks Hq 1Simple Photo Gallery Apr 28, 2026 Nov 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects S...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.Show less
CVE-2023-22685 1Tipsandtricks Hq 1Category Specific Rss Feed Subscription Nov 21, 2024 May 12, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.
CVE-2023-22691 1Tipsandtricks Hq 1Category Specific Rss Feed Subscription Nov 21, 2024 May 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.
CVE-2023-1469 1Tipsandtricks Hq 1Wp Express Checkout Nov 21, 2024 Mar 17, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output esc...Show more The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.Show less
CVE-2023-1431 1Tipsandtricks Hq 1Wordpress Simple Paypal Shopping Cart Nov 21, 2024 Mar 16, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible locati...Show more The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.Show less
CVE-2023-0275 1Tipsandtricks Hq 1Easy Accept Payments For Paypal Mar 21, 2025 Feb 13, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow...Show more The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2022-4672 1Tipsandtricks Hq 1Wordpress Simple Paypal Shopping Cart Apr 2, 2025 Jan 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contri...Show more The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-4542 1Tipsandtricks Hq 1Compact Wp Audio Player Apr 3, 2025 Jan 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor t...Show more The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-4465 1Tipsandtricks Hq 1Wp Video Lightbox Apr 7, 2025 Jan 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perf...Show more The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.Show less
CVE-2022-3898 1Tipsandtricks Hq 1Wp Affiliate Platform Apr 8, 2026 Nov 29, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the...Show more The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less

Previous 123 4 Next