VYPR

Tax Service Electronic Hdm

by WordPress

CVEs (2)

  • CVE-2024-54261CriDec 13, 2024
    risk 0.65cvss 10.0epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through <= 1.2.2.

  • CVE-2025-12061HigNov 26, 2025
    risk 0.56cvss 8.6epss 0.00

    The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements