Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ciphercoin Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-31075 1 Ciphercoin 1 Easy Hide Login 2023-12-10 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.
CVE-2023-32505 1 Ciphercoin 1 Easy Hide Login 2023-12-10 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.
CVE-2022-4303 1 Ciphercoin 1 Wp Limit Login Attempts 2023-12-10 N/A 7.5 HIGH
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
CVE-2022-3634 1 Ciphercoin 1 Contact Form 7 Database Addon 2023-12-10 N/A 9.8 CRITICAL
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
CVE-2021-36885 1 Ciphercoin 1 Contact Form 7 Database Addon 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).
CVE-2021-36886 1 Ciphercoin 1 Contact Form 7 Database Addon 2023-12-10 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).
CVE-2021-24144 1 Ciphercoin 1 Contact Form 7 Database Addon 2023-12-10 6.8 MEDIUM 7.8 HIGH
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
CVE-2015-6829 1 Ciphercoin 1 Wp Limit Login Attempts 2023-12-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.