VYPR

Infographic Maker

by WordPress

CVEs (2)

  • CVE-2022-0747CriMar 21, 2022
    risk 0.65cvss 9.8epss 0.15

    The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection

  • CVE-2024-5858MedJun 15, 2024
    risk 0.21cvss 4.3epss 0.00

    The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers,…