Sign in Subscribe

← All vendors

Vendor

Wpchill

Products

7

CVEs

13

Across products

13

Status

Private

Products

7

Recent CVEs

13

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2023-34007	Cri	0.64	9.9	0.00		Dec 20, 2023	Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
CVE-2024-30501	Hig	0.49	7.6	0.01		Mar 29, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.
CVE-2024-2026	Med	0.42	6.4	0.00		Apr 9, 2024	The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-5704	Med	0.42	6.4	0.00		Nov 22, 2023	The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-45354	Med	0.41	5.3	0.88		Jan 8, 2024	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.
CVE-2024-32429	Med	0.38	5.9	0.00		Apr 15, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a through 1.0.13.
CVE-2024-49256	Med	0.35	5.4	0.00		Nov 1, 2024	Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through <= 1.0.18.
CVE-2024-1083	Med	0.34	5.3	0.00		Mar 13, 2024	The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content
CVE-2024-0616	Med	0.34	5.3	0.01		Feb 29, 2024	The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
CVE-2024-47362	Med	0.28	4.3	0.01		Nov 1, 2024	Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonials: from n/a through <= 3.1.16.
CVE-2023-6491	Med	0.28	4.3	0.00		Jun 7, 2024	The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
CVE-2023-52123	Med	0.28	4.3	0.00		Jan 5, 2024	Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.
CVE-2023-31219	Med	0.27	4.1	0.00		Nov 13, 2023	Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.