Tips And Tricks Hq Security Vulnerabilities

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged usi...

8.3 AI Score

0.002 EPSS

2014-10-02 02:55 PM

CVE-2015-0894

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

8.7 AI Score

0.001 EPSS

2015-03-07 02:59 AM

CVE-2015-0895

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

7.3 AI Score

0.002 EPSS

2015-03-07 02:59 AM

CVE-2021-20782

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8 CVSS

8.8 AI Score

0.002 EPSS

2021-07-14 02:15 AM

CVE-2023-48285

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection. This issue affects Stripe Payments: from n/a through 2.0.79.

5.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-04 11:15 AM

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.

7.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-17 09:15 AM

CVE-2024-33591

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through 4.9.10.

7.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-04-29 10:15 AM

CVE-2024-5077

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

6.8 CVSS

5.6 AI Score

0.0004 EPSS

2024-07-13 06:15 AM

CVE-2024-5744

The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

6.8 CVSS

5.9 AI Score

0.0004 EPSS

2024-07-13 06:15 AM