Wp Master

wp-master

6 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Pardakht Delkhah

pardakht-delkhah

Logo Manager For Enamad

logo_manager_for_enamad

Feed Changer & Remover

feed_changer_&_remover

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5170 1Wp Master 1Logo Manager For Enamad Jun 17, 2026 Sep 17, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...Show more The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-6230 1Wp Master 1Pardakht Delkhah Jun 17, 2026 Jul 30, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2024-4757 1Wp Master 1Logo Manager For Enamad Jun 17, 2026 Jun 25, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payl...Show more The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-3993 1Wp Master 1Azan Jun 17, 2026 Jun 14, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSR...Show more The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2023-25795 1Wp Master 1Feed Changer & Remover Jun 17, 2026 Mar 20, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.
CVE-2022-4307 1Wp Master 1Pardakht Delkhah Jun 17, 2026 Jan 23, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege u...Show more The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.Show less