Filtered by vendor Tipsandtricks-hq
Subscribe
Filtered by product All In One Wp Security \& Firewall
Subscribe
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44737 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |||||
CVE-2021-25102 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 2.6 LOW | 4.7 MEDIUM |
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | |||||
CVE-2016-10868 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. | |||||
CVE-2015-9310 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | |||||
CVE-2016-10888 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. | |||||
CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | |||||
CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | |||||
CVE-2016-10887 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. | |||||
CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | |||||
CVE-2016-10866 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. |