Leevio
Products (5)
- 40 CVEs
- 16 CVEs
- 15 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs (76)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68999 | | High | 0.55 | 8.5 | 0.00 | | Jan 22, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection. This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4. |
| CVE-2023-34383 | | High | 0.55 | 8.5 | 0.01 | | Nov 3, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0. |
| CVE-2024-6666 | | High | 0.50 | 8.8 | 0.01 | | Jul 11, 2024 | The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. … |
| CVE-2023-3636 | | High | 0.50 | 8.8 | 0.01 | | Aug 31, 2023 | The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a… |
| CVE-2026-31917 | | High | 0.48 | 8.5 | 0.00 | | Mar 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10. |
| CVE-2024-0913 | | High | 0.47 | 7.2 | 0.01 | | Mar 29, 2024 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to… |
| CVE-2024-0609 | | High | 0.47 | 7.2 | 0.01 | | Mar 29, 2024 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and… |
| CVE-2024-43238 | | High | 0.46 | 7.1 | 0.00 | | Aug 18, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS. This issue affects weMail: from n/a through <= 1.14.5. |
| CVE-2026-2918 | | Med | 0.42 | 6.4 | 0.00 | | Mar 11, 2026 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. This is due to the `validate_reqeust()` method using `current_user_can('edit_posts',… |
| CVE-2025-14339 | | Med | 0.42 | 6.5 | 0.00 | | Feb 21, 2026 | The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only… |
| CVE-2025-68040 | | Med | 0.42 | 6.5 | 0.00 | | Dec 30, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 3.0.1. |
| CVE-2025-67546 | | Med | 0.42 | 6.5 | 0.00 | | Dec 18, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data. This issue affects WP ERP: from n/a through <= 1.16.6. |
| CVE-2025-30766 | | Med | 0.42 | 6.5 | 0.00 | | Mar 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through <= 3.16.2. |
| CVE-2023-40003 | | Med | 0.42 | 6.5 | 0.00 | | Dec 13, 2024 | Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through <= 2.6.7. |
| CVE-2024-47357 | | Med | 0.42 | 6.5 | 0.00 | | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through <= 3.12.0. |
| CVE-2024-32698 | | Med | 0.42 | 6.5 | 0.00 | | Apr 22, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons. This issue affects Happy Addons for Elementor: from n/a through <= 3.10.4. |
| CVE-2024-2789 | | Med | 0.42 | 6.4 | 0.00 | | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |
| CVE-2024-2788 | | Med | 0.42 | 6.4 | 0.00 | | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |
| CVE-2024-2787 | | Med | 0.42 | 6.4 | 0.00 | | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |
| CVE-2024-1498 | | Med | 0.42 | 6.4 | 0.01 | | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |