VYPR

Aawp

by WordPress

CVEs (2)

  • CVE-2022-4794HigJan 30, 2023
    risk 0.49cvss 7.5epss 0.01

    The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

  • CVE-2022-50970MedMay 10, 2026
    risk 0.35cvss 5.4epss 0.00

    WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page…