Wpkube

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12716 1Wpkube 1Simple Basic Contact Form Jun 17, 2026 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w...Show more The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-3228 1Wpkube 1Kiwi Social Share Jun 17, 2026 Jul 9, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attack...Show more The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.Show less
CVE-2024-31249 1Wpkube 1Subscribe To Comments Reloaded Jun 17, 2026 Apr 10, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.
CVE-2023-37981 1Wpkube 1Authors List Jun 17, 2026 Jul 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions.
CVE-2021-4362 1Wpkube 1Kiwi Social Share Jun 17, 2026 Jun 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in...Show more The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.Show less
CVE-2022-4226 1Wpkube 1Simple Basic Contact Form Jun 17, 2026 Dec 26, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w...Show more The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2022-29414 1Wpkube 1Subscribe To Comments Reloaded Jun 17, 2026 Apr 29, 2022 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system...Show more Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.Show less
CVE-2021-24745 1Wpkube 1About Author Box Jun 17, 2026 Nov 29, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform C...Show more The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.Show less
CVE-2021-24682 1Wpkube 1Cool Tag Cloud Jun 17, 2026 Nov 1, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack...Show more The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.Show less