Filtered by vendor Etoilewebdesign
Total: 26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36726 | 1 Etoilewebdesign | 1 Ultimate Reviews | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. | |||||
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking & Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | |||||
| CVE-2019-17232 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Order Tracking: from n/a through 3.3.12. | |||||
