Vendor

Wonderplugin

Products

CVEs

Across products

Status

Private

Products

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-24877	Hig	0.46	7.1	0.00		Feb 8, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.
CVE-2015-2199		0.03	—	0.02		Mar 3, 2015	Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

CVE-2024-24877HigFeb 8, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.
CVE-2015-2199Mar 3, 2015
risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.