VYPR
Vendor

Wpwax

Products
5
CVEs
20
Across products
20
Status
Private

Products

5

Recent CVEs

20
  • CVE-2025-32658CriApr 17, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection.This issue affects HelpGent: from n/a through <= 2.2.5.

  • CVE-2024-2006HigMar 13, 2024
    risk 0.57cvss 8.8epss 0.01

    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup…

  • CVE-2023-1888HigJun 9, 2023
    risk 0.50cvss 8.8epss 0.01

    The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2024-1950HigMar 13, 2024
    risk 0.49cvss 7.5epss 0.01

    The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with…

  • CVE-2025-68069HigFeb 20, 2026
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.

  • CVE-2025-48242MedMay 19, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.5.

  • CVE-2025-24782MedJan 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows PHP Local File Inclusion.This issue affects Post Grid, Slider & Carousel…

  • CVE-2024-44048MedSep 23, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate.This issue affects Product Carousel Slider & Grid…

  • CVE-2024-29925MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.

  • CVE-2025-24681MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS.This issue affects Product Carousel Slider & Grid…

  • CVE-2023-1889MedJun 9, 2023
    risk 0.35cvss 6.5epss 0.01

    The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers,…

  • CVE-2026-39509MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.

  • CVE-2025-66077MedNov 21, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.

  • CVE-2023-41798MedNov 7, 2023
    risk 0.33cvss 5.1epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through…

  • CVE-2025-64250MedDec 16, 2025
    risk 0.31cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through <= 8.6.6.

  • CVE-2023-35052MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.

  • CVE-2023-50886MedMar 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.

  • CVE-2024-1322MedFeb 29, 2024
    risk 0.27cvss 5.3epss 0.01

    The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes…

  • CVE-2024-13408Jan 24, 2025
    risk 0.00cvss epss 0.01

    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for…

  • CVE-2024-13409Jan 24, 2025
    risk 0.00cvss epss 0.01

    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes…