VYPR

WassUp

by WordPress

CVEs (3)

  • CVE-2016-10919MedAug 22, 2019
    risk 0.40cvss 6.1epss 0.01

    The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

  • CVE-2008-0520Jan 31, 2008
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.

  • CVE-2012-2633Jun 15, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.