Vendor CVEs
Leevio
All CVEs
76 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58269 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25. | ||
| CVE-2025-47540 | Med | 0.34 | 5.3 | 0.00 | May 7, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13. | ||
| CVE-2024-0956 | Med | 0.32 | 4.9 | 0.01 | Mar 29, 2024 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including,… | ||
| CVE-2023-51676 | Med | 0.32 | 4.9 | 0.00 | Dec 29, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | ||
| CVE-2025-63077 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3. | ||
| CVE-2025-32280 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25. | ||
| CVE-2024-48045 | Med | 0.28 | 4.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.3. | ||
| CVE-2024-24833 | Med | 0.28 | 4.3 | 0.00 | May 8, 2024 | Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1. | ||
| CVE-2020-36745 | Med | 0.28 | 4.3 | 0.00 | Jul 1, 2023 | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger… | ||
| CVE-2020-36735 | Med | 0.28 | 4.3 | 0.00 | Jul 1, 2023 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the… | ||
| CVE-2025-63008 | Med | 0.27 | 5.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7. | ||
| CVE-2023-45765 | Med | 0.21 | 4.3 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6. | ||
| CVE-2024-1387 | Med | 0.21 | 4.3 | 0.01 | Apr 9, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access… | ||
| CVE-2024-13500 | 0.00 | — | 0.00 | Feb 15, 2025 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping… | |||
| CVE-2024-13752 | 0.00 | — | 0.00 | Feb 15, 2025 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and… | |||
| CVE-2024-12852 | 0.00 | — | 0.00 | Jan 8, 2025 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2024-12195 | 0.00 | — | 0.00 | Jan 4, 2025 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to,… | |||
| CVE-2024-10520 | 0.00 | — | 0.00 | Nov 20, 2024 | The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it… | |||
| CVE-2024-10538 | 0.00 | — | 0.00 | Nov 12, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it… | |||
| CVE-2024-8801 | 0.00 | — | 0.00 | Sep 24, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to… | |||
| CVE-2024-6627 | 0.00 | — | 0.00 | Jul 27, 2024 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | |||
| CVE-2024-34822 | 0.00 | — | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. | |||
| CVE-2023-34008 | 0.00 | — | 0.00 | Aug 30, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions. | |||
| CVE-2023-28989 | 0.00 | — | 0.00 | Jul 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. | |||
| CVE-2021-36826 | 0.00 | — | 0.01 | Apr 4, 2022 | Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | |||
| CVE-2021-24292 | 0.00 | — | 0.01 | May 17, 2021 | The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method:… |
- risk 0.34cvss 5.3epss 0.00
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.
- risk 0.32cvss 4.9epss 0.01
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including,…
- risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.3.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1.
- risk 0.28cvss 4.3epss 0.00
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger…
- risk 0.28cvss 4.3epss 0.00
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the…
- risk 0.27cvss 5.3epss 0.00
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.
- risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
- risk 0.21cvss 4.3epss 0.01
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access…
- CVE-2024-13500Feb 15, 2025risk 0.00cvss —epss 0.00
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping…
- CVE-2024-13752Feb 15, 2025risk 0.00cvss —epss 0.00
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and…
- CVE-2024-12852Jan 8, 2025risk 0.00cvss —epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2024-12195Jan 4, 2025risk 0.00cvss —epss 0.00
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to,…
- CVE-2024-10520Nov 20, 2024risk 0.00cvss —epss 0.00
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it…
- CVE-2024-10538Nov 12, 2024risk 0.00cvss —epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it…
- CVE-2024-8801Sep 24, 2024risk 0.00cvss —epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to…
- CVE-2024-6627Jul 27, 2024risk 0.00cvss —epss 0.00
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- CVE-2024-34822Jun 11, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.
- CVE-2023-34008Aug 30, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.
- CVE-2023-28989Jul 10, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
- CVE-2021-36826Apr 4, 2022risk 0.00cvss —epss 0.01
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.
- CVE-2021-24292May 17, 2021risk 0.00cvss —epss 0.01
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method:…
Page 2 of 2