Wpchill

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-34007 1Wpchill 1Download Monitor Apr 28, 2026 Dec 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
CVE-2023-5704 1Wpchill 1Cpo Shortcodes Apr 8, 2026 Nov 22, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on u...Show more The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-31219 1Wpchill 1Download Monitor Apr 28, 2026 Nov 13, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.
CVE-2023-28171 1Wpchill 1Brilliance Nov 21, 2024 Jun 22, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.
CVE-2023-26013 1Wpchill 1Strong Testimonials Nov 21, 2024 Jun 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
CVE-2023-25451 1Wpchill 1Cpo Content Types Nov 21, 2024 Apr 23, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.
CVE-2022-4544 1Wpchill 1Mashshare Apr 4, 2025 Jan 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stor...Show more The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-41135 1Wpchill 1Customizable Wordpress Gallery Plugin Modula Image Gallery Nov 21, 2024 Nov 18, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2022-2981 1Wpchill 1Download Monitor Nov 21, 2024 Oct 10, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or...Show more The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.Show less
CVE-2022-40672 1Wpchill 1Cpo Shortcodes Nov 21, 2024 Sep 23, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
CVE-2022-37407 1Wpchill 1Gallery Photoblocks Nov 21, 2024 Sep 9, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-36292 1Wpchill 1Gallery Photoblocks Nov 21, 2024 Aug 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-2222 1Wpchill 1Download Monitor Nov 21, 2024 Jul 17, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or...Show more The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.Show less
CVE-2022-1547 1Wpchill 1Check & Log Email Nov 21, 2024 May 23, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1054 1Wpchill 1Rsvp And Event Management Nov 21, 2024 Apr 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated at...Show more The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for eventsShow less
CVE-2022-27852 1Wpchill 1Kb Support Nov 21, 2024 Apr 15, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions.
CVE-2021-25050 1Wpchill 1Remove Footer Credit Nov 21, 2024 Feb 14, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVE-2021-24446 1Wpchill 1Remove Footer Credit Nov 21, 2024 Feb 14, 2022 N/A· v4 5.4 MEDIUM· v3 6.0 MEDIUM· v2 The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due...Show more The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisationShow less
CVE-2021-31567 1Wpchill 1Download Monitor Feb 20, 2025 Jan 28, 2022 N/A· v4 6.8 MEDIUM· v3 6.8 MEDIUM· v2 Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-conf...Show more Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.Show less
CVE-2021-23174 1Wpchill 1Download Monitor Nov 21, 2024 Jan 28, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

Previous 123 Next