VYPR
Vendor

Frenify

Products
5
CVEs
20
Across products
20
Status
Private

Products

5

Recent CVEs

20
  • CVE-2025-58997CriSep 9, 2025
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10.

  • CVE-2023-0294HigJan 13, 2023
    risk 0.57cvss 8.8epss 0.00

    The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated…

  • CVE-2025-39475HigJun 9, 2025
    risk 0.53cvss 8.1epss 0.00

    Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3.

  • CVE-2026-28076HigMar 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Guff: from n/a through <= 1.0.1.

  • CVE-2025-69082HigJan 7, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through <= 6.0.3.

  • CVE-2025-59005MedSep 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through <= 1.0.7.5.

  • CVE-2023-0293MedJan 13, 2023
    risk 0.28cvss 4.3epss 0.01

    The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2024-0385MedMar 13, 2024
    risk 0.21cvss 4.3epss 0.01

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-1912MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated…

  • CVE-2024-1910MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1909MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1907MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1906MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-1653MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-1652MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-1650MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with…

  • CVE-2024-1649MedFeb 27, 2024
    risk 0.21cvss 4.3epss 0.00

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with…

  • CVE-2022-47144May 25, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

  • CVE-2022-47142May 22, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

  • CVE-2021-24848Dec 13, 2021
    risk 0.00cvss epss 0.01

    The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection