0.0
CVE-2024-49655 - WordPress ARPrice plugin <= 4.1.3 - Unauthenticated SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection. This issue affects ARPrice: from n/a through <= 4.1.3.
8.5
CVE-2024-49333 - WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
8.5
CVE-2024-49303 - WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
7.1
CVE-2024-49300 - WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
5.3
CVE-2025-0615 - Input validation vulnerability in Qualifio's Wheel of Fortune
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the "+" symbol to access the application and win prizes as many times as wanted.
5.3
CVE-2025-0614 - Input validation vulnerability in Qualifio's Wheel of Fortune
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted.
6.1
CVE-2024-13444 - wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a…
6.4
CVE-2024-11226 - FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via …
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…
5.3
CVE-2024-13230 - Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated …
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the 'SuperSocializerKey' parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficie…
6.4
CVE-2025-0450 - Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack…