All In One Wp Security And Firewall
by WordPress
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30468 | | Med | 0.28 | 4.3 | 0.00 | | Mar 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall. This issue affects All In One WP Security & Firewall: from n/a through 5.2.6. |
| CVE-2023-52147 | | Low | 0.24 | 3.7 | 0.00 | | Jun 4, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects All In One WP Security & Firewall: from n/a… |
| CVE-2014-6242 | | | 0.03 | — | 0.05 | | Oct 2, 2014 | Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this… |
| CVE-2022-4097 | | | 0.00 | — | 0.00 | | Dec 12, 2022 | The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). |
| CVE-2021-25102 | | | 0.00 | — | 0.00 | | May 2, 2022 | The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to… |
| CVE-2016-10887 | | | 0.00 | — | 0.01 | | Aug 14, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. |
| CVE-2016-10888 | | | 0.00 | — | 0.01 | | Aug 14, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. |
| CVE-2015-9310 | | | 0.00 | — | 0.01 | | Aug 14, 2019 | The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. |
| CVE-2016-10866 | | | 0.00 | — | 0.00 | | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. |
| CVE-2016-10867 | | | 0.00 | — | 0.00 | | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. |
| CVE-2016-10868 | | | 0.00 | — | 0.00 | | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. |
| CVE-2015-9293 | | | 0.00 | — | 0.00 | | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. |
| CVE-2015-9294 | | | 0.00 | — | 0.00 | | Aug 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. |
| CVE-2015-0895 | | | 0.00 | — | 0.00 | | Mar 7, 2015 | Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. |
| CVE-2015-0894 | | | 0.00 | — | 0.01 | | Mar 7, 2015 | SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |