Wp Buy

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6693 1Wp Buy 1Wp Content Copy Protection & No Right Click Jun 11, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht...Show more The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-6690 1Wp Buy 1Wp Content Copy Protection & No Right Click Jun 11, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites
CVE-2024-13627 1Wp Buy 1Owl Carousel Slider May 23, 2025 Feb 17, 2025 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege...Show more The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-49306 1Wp Buy 1Wp Content Copy Protection & No Right Click Apr 23, 2026 Oct 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right C...Show more Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9.Show less
CVE-2023-7247 1Wp Buy 1Login As User Or Customer (user Switching) May 1, 2025 Mar 11, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.
CVE-2023-36678 1Wp Buy 1Wp Content Copy Protection & No Right Click Nov 21, 2024 Aug 5, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.
CVE-2022-4305 1Wp Buy 1Login As User Or Customer (user Switching) Apr 3, 2025 Jan 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
CVE-2022-23983 1Wp Buy 1Wp Content Copy Protection & No Right Click Nov 21, 2024 Feb 21, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
CVE-2021-24847 1Wp Buy 1Seo Redirection 301 Redirect Manager Nov 21, 2024 Nov 17, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it...Show more The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installedShow less
CVE-2021-24829 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Nov 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL s...Show more The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issueShow less
CVE-2021-24195 1Wp Buy 1Login As User Or Customer (user Switching) Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) f...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2021-24194 1Wp Buy 1Login Protection Limit Failed Login Attempts Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific versio...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2021-24193 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from t...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2021-24190 1Wp Buy 1Conditional Marketing Mailer Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) f...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2021-24189 1Wp Buy 1Captchinoo Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific ver...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2021-24188 1Wp Buy 1Wp Content Copy Protection & No Right Click Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2019-15832 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Aug 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
CVE-2019-15831 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Aug 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.