Weblizar

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-33911 1Weblizar 1School Management Apr 28, 2026 May 2, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.
CVE-2022-1609 1Weblizar 1School Management Jun 2, 2025 Jan 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP...Show more The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.Show less
CVE-2022-47430 1Weblizar 1School Management Education & Learning Management Apr 28, 2026 Nov 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Ma...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.Show less
CVE-2022-46849 1Weblizar 1Responsive Coming Soon & Maintenance Mode Apr 29, 2026 Nov 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming S...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.Show less
CVE-2017-20098 1Weblizar 1Admin Custom Login Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to...Show more A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.Show less
CVE-2021-34628 1Weblizar 1Admin Custom Login Jun 17, 2026 Aug 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject...Show more The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.Show less
CVE-2019-15781 1Weblizar 1Social Likebox & Feed Jun 17, 2026 Aug 29, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
CVE-2018-5656 1Weblizar 1Pinterest Feeds Jun 17, 2026 Jan 13, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
CVE-2018-5655 1Weblizar 1Pinterest Feeds Jun 17, 2026 Jan 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
CVE-2018-5654 1Weblizar 1Pinterest Feeds Jun 17, 2026 Jan 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
CVE-2018-5653 1Weblizar 1Pinterest Feeds Jun 17, 2026 Jan 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.