VYPR

Vendor CVEs

Leevio

All CVEs

76 total · sorted by risk
  • CVE-2025-58269MedSep 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25.

  • CVE-2025-47540MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.

  • CVE-2024-0956MedMar 29, 2024
    risk 0.32cvss 4.9epss 0.01

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including,…

  • CVE-2023-51676MedDec 29, 2023
    risk 0.32cvss 4.9epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.

  • CVE-2025-63077MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.

  • CVE-2025-32280MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25.

  • CVE-2024-48045MedNov 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.12.3.

  • CVE-2024-24833MedMay 8, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1.

  • CVE-2020-36745MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger…

  • CVE-2020-36735MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the…

  • CVE-2025-63008MedDec 9, 2025
    risk 0.27cvss 5.3epss 0.00

    Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.

  • CVE-2023-45765MedJan 2, 2025
    risk 0.21cvss 4.3epss 0.00

    Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.

  • CVE-2024-1387MedApr 9, 2024
    risk 0.21cvss 4.3epss 0.01

    The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access…

  • CVE-2024-13500Feb 15, 2025
    risk 0.00cvss epss 0.00

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping…

  • CVE-2024-13752Feb 15, 2025
    risk 0.00cvss epss 0.00

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and…

  • CVE-2024-12852Jan 8, 2025
    risk 0.00cvss epss 0.00

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-12195Jan 4, 2025
    risk 0.00cvss epss 0.00

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to,…

  • CVE-2024-10520Nov 20, 2024
    risk 0.00cvss epss 0.00

    The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it…

  • CVE-2024-10538Nov 12, 2024
    risk 0.00cvss epss 0.00

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-8801Sep 24, 2024
    risk 0.00cvss epss 0.00

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to…

  • CVE-2024-6627Jul 27, 2024
    risk 0.00cvss epss 0.00

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-34822Jun 11, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.

  • CVE-2023-34008Aug 30, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

  • CVE-2023-28989Jul 10, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.

  • CVE-2021-36826Apr 4, 2022
    risk 0.00cvss epss 0.01

    Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.

  • CVE-2021-24292May 17, 2021
    risk 0.00cvss epss 0.01

    The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method:…

Page 2 of 2