Filtered by vendor Wedevs Subscriptions
Total 89 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2744 1 Wedevs 1 Wp Erp 2025-02-13 7.2 High
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVE-2024-10174 1 Wedevs 1 Wp Project Manager 2025-02-05 7.3 High
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes.
CVE-2024-34822 1 Wedevs 1 Wemail 2024-11-21 5.3 Medium
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.
CVE-2023-52217 1 Wedevs 1 Woocommerce Conversion Tracking 2024-11-21 4.3 Medium
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
CVE-2023-41236 1 Wedevs 1 Happy Addons For Elementor 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions.
CVE-2023-28989 1 Wedevs 1 Happy Addons For Elementor 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
CVE-2021-25076 1 Wedevs 1 Wp User Frontend 2024-11-21 8.8 High
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CVE-2021-24292 1 Wedevs 1 Happy Addons For Elementor 2024-11-21 5.4 Medium
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter.
CVE-2024-38693 1 Wedevs 1 Wp User Frontend 2024-09-13 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.