VYPR
Vendor: Wpengine

Products: 4
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)

  • CVE-2023-6933 | High | Feb 5, 2024
    risk 0.58 | cvss 8.8 | epss 0.68

    The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the…

  • CVE-2024-3563 | Medium | Jul 9, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2023-2173 | Medium | Aug 31, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler,…

  • CVE-2023-2171 | Medium | Aug 31, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

  • CVE-2023-2174 | Medium | Aug 31, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-2172 | Medium | Aug 31, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler,…

  • CVE-2023-23684 | Medium | Nov 13, 2023
    risk 0.22 | cvss 4.4 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5.

  • CVE-2019-9879 | Jun 10, 2019
    risk 0.09 | cvss (none listed) | epss 0.47

    The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

  • CVE-2019-9881 | Jun 10, 2019
    risk 0.06 | cvss (none listed) | epss 0.19

    The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.

  • CVE-2019-9880 | Jun 10, 2019
    risk 0.02 | cvss (none listed) | epss 0.35

    An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible for an unauthenticated attacker to retrieve all WordPress users' details, such as email address, role, and username.

  • CVE-2022-2593 | Aug 22, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks.