VYPR
Vendor

WoWonder

Products
2
CVEs
6
Across products
7
Status
Private

Products

2

Recent CVEs

6
  • CVE-2022-42984CriNov 15, 2022
    risk 0.64cvss 9.8epss 0.01

    WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.

  • CVE-2021-27200CriJun 11, 2021
    risk 0.64cvss 9.8epss 0.03

    In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

  • CVE-2022-40405HigNov 15, 2022
    risk 0.49cvss 7.5epss 0.01

    WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs.

  • CVE-2021-26935HigMar 18, 2021
    risk 0.49cvss 7.5epss 0.02

    In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.

  • CVE-2022-1753MedMay 17, 2022
    risk 0.35cvss 5.4epss 0.01

    A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack…

  • CVE-2022-26254MedMar 27, 2022
    risk 0.35cvss 5.3epss 0.01

    WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.