Vendor CVEs
Leevio
All CVEs
76 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68999 | Hig | 0.55 | 8.5 | 0.00 | Jan 22, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4. | ||
| CVE-2023-34383 | Hig | 0.55 | 8.5 | 0.01 | Nov 3, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | ||
| CVE-2024-6666 | Hig | 0.50 | 8.8 | 0.01 | Jul 11, 2024 | The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. … | ||
| CVE-2023-3636 | Hig | 0.50 | 8.8 | 0.01 | Aug 31, 2023 | The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a… | ||
| CVE-2026-31917 | Hig | 0.48 | 8.5 | 0.00 | Mar 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10. | ||
| CVE-2024-0913 | Hig | 0.47 | 7.2 | 0.01 | Mar 29, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to… | ||
| CVE-2024-0609 | Hig | 0.47 | 7.2 | 0.01 | Mar 29, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and… | ||
| CVE-2024-43238 | Hig | 0.46 | 7.1 | 0.00 | Aug 18, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5. | ||
| CVE-2026-2918 | Med | 0.42 | 6.4 | 0.00 | Mar 11, 2026 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. This is due to the `validate_reqeust()` method using `current_user_can('edit_posts',… | ||
| CVE-2025-14339 | Med | 0.42 | 6.5 | 0.00 | Feb 21, 2026 | The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only… | ||
| CVE-2025-68040 | Med | 0.42 | 6.5 | 0.00 | Dec 30, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1. | ||
| CVE-2025-67546 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6. | ||
| CVE-2025-30766 | Med | 0.42 | 6.5 | 0.00 | Mar 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS.This issue affects Happy Addons for Elementor: from n/a through <= 3.16.2. | ||
| CVE-2023-40003 | Med | 0.42 | 6.5 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. | ||
| CVE-2024-47357 | Med | 0.42 | 6.5 | 0.00 | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.0. | ||
| CVE-2024-32698 | Med | 0.42 | 6.5 | 0.00 | Apr 22, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.4. | ||
| CVE-2024-2789 | Med | 0.42 | 6.4 | 0.00 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-2788 | Med | 0.42 | 6.4 | 0.00 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-2787 | Med | 0.42 | 6.4 | 0.00 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-1498 | Med | 0.42 | 6.4 | 0.01 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-0608 | Med | 0.42 | 6.5 | 0.01 | Mar 29, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user… | ||
| CVE-2024-29108 | Med | 0.42 | 6.5 | 0.00 | Mar 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | ||
| CVE-2024-0838 | Med | 0.42 | 6.4 | 0.01 | Feb 29, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-0438 | Med | 0.42 | 6.4 | 0.01 | Feb 29, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-21747 | Hig | 0.42 | 7.6 | 0.01 | Jan 8, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job… | ||
| CVE-2023-49860 | Med | 0.42 | 6.5 | 0.00 | Dec 14, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task,… | ||
| CVE-2024-1173 | Hig | 0.40 | 7.2 | 0.01 | May 2, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied… | ||
| CVE-2024-0952 | Hig | 0.40 | 7.2 | 0.01 | Apr 9, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied… | ||
| CVE-2023-6632 | Med | 0.40 | 6.1 | 0.01 | Jan 11, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-47640 | Hig | 0.39 | 7.1 | 0.00 | Oct 29, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP ERP erp allows Reflected XSS.This issue affects WP ERP: from n/a through <= 1.13.2. | ||
| CVE-2025-22649 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through <= 2.6.22. | ||
| CVE-2026-2917 | Med | 0.35 | 5.4 | 0.00 | Mar 11, 2026 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action handler. This is due to the `can_clone()` method only checking… | ||
| CVE-2026-1210 | Med | 0.35 | 6.4 | 0.00 | Feb 3, 2026 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2025-12505 | Med | 0.35 | 5.4 | 0.00 | Dec 6, 2025 | The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create_item_permissions_check function. This makes it… | ||
| CVE-2025-8994 | Med | 0.35 | 6.5 | 0.00 | Nov 15, 2025 | The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to… | ||
| CVE-2025-30896 | Med | 0.35 | 5.4 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4. | ||
| CVE-2024-5790 | Med | 0.35 | 6.4 | 0.00 | Jun 29, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-5347 | Med | 0.35 | 6.4 | 0.00 | May 31, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user… | ||
| CVE-2024-5041 | Med | 0.35 | 6.4 | 0.00 | May 31, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-5088 | Med | 0.35 | 6.4 | 0.00 | May 18, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-4865 | Med | 0.35 | 6.4 | 0.00 | May 18, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-4391 | Med | 0.35 | 6.4 | 0.00 | May 16, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes… | ||
| CVE-2024-4478 | Med | 0.35 | 6.4 | 0.00 | May 16, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position'… | ||
| CVE-2024-3891 | Med | 0.35 | 6.4 | 0.00 | May 2, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible… | ||
| CVE-2024-3724 | Med | 0.35 | 6.4 | 0.01 | May 2, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping… | ||
| CVE-2024-3890 | Med | 0.35 | 6.4 | 0.00 | Apr 26, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible… | ||
| CVE-2024-2786 | Med | 0.35 | 5.4 | 0.00 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for… | ||
| CVE-2024-1377 | Med | 0.35 | 6.4 | 0.00 | Mar 7, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes… | ||
| CVE-2024-1366 | Med | 0.35 | 6.4 | 0.00 | Mar 7, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2026-25468 | Med | 0.34 | 5.3 | 0.00 | May 7, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8. |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.
- risk 0.50cvss 8.8epss 0.01
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
- risk 0.50cvss 8.8epss 0.01
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a…
- risk 0.48cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.
- risk 0.47cvss 7.2epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to…
- risk 0.47cvss 7.2epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5.
- risk 0.42cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. This is due to the `validate_reqeust()` method using `current_user_can('edit_posts',…
- risk 0.42cvss 6.5epss 0.00
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only…
- risk 0.42cvss 6.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1.
- risk 0.42cvss 6.5epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS.This issue affects Happy Addons for Elementor: from n/a through <= 3.16.2.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.0.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.4.
- risk 0.42cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.42cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.42cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.42cvss 6.4epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.42cvss 6.5epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.
- risk 0.42cvss 6.4epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.4epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task,…
- risk 0.40cvss 7.2epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied…
- risk 0.40cvss 7.2epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied…
- risk 0.40cvss 6.1epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This…
- risk 0.39cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP ERP erp allows Reflected XSS.This issue affects WP ERP: from n/a through <= 1.13.2.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through <= 2.6.22.
- risk 0.35cvss 5.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action handler. This is due to the `can_clone()` method only checking…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 5.4epss 0.00
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the create_item_permissions_check function. This makes it…
- risk 0.35cvss 6.5epss 0.00
The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4.
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position'…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…
- risk 0.35cvss 6.4epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…
- risk 0.35cvss 5.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes…
- risk 0.35cvss 6.4epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
Page 1 of 2