Filtered by vendor Wow-company
Subscriptions
Filtered by product Viral-signup
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20245 | 2 Wordpress, Wow-company | 2 Wordpress, Viral-signup | 2026-06-09 | 8.2 High |
| Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database. | ||||
| CVE-2024-6927 | 1 Wow-company | 2 Viral-signup, Viral Signup | 2024-10-07 | 4.8 Medium |
| The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-6926 | 1 Wow-company | 2 Viral-signup, Viral Signup | 2024-10-07 | 9.8 Critical |
| The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
Page 1 of 1.