Latest Kibokolabs Vulnerabilities

CVE-2023-47686
WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Kibokolabs Arigato Autoresponder And Newsletter<=2.7.2.2
CVE-2023-4602
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization an...
Kibokolabs Namaste\! Lms<2.6.1.2
CVE-2023-30483
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions.
Kibokolabs Watu Quiz<=3.3.9.2
CVE-2023-0545
The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w...
Kibokolabs Hostel<=1.1.5
CVE-2015-10111
A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam...
Kibokolabs Watu Quiz<2.6.8
<2.6.8
CVE-2023-25031
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
Kibokolabs Arigato Autoresponder And Newsletter<=2.7.1
CVE-2023-25020
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
Kibokolabs Arigato Autoresponder And Newsletter<=2.7.1.1
CVE-2023-25027
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.
Kibokolabs Chained Quiz<=1.3.2.5
CVE-2023-25022
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.
Kibokolabs Watu Quiz<=3.3.8
CVE-2023-0968
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient in...
Kibokolabs Watu Quiz<=3.3.9
CVE-2023-0548
The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks ...
Kibokolabs Namaste\! Lms<2.5.9.4
CVE-2023-0543
The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross...
Kibokolabs Arigato Autoresponder And Newsletter<2.1.7.2
CVE-2023-0429
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve...
Kibokolabs Watu Quiz<3.3.8.2
CVE-2023-0428
Kibokolabs Watu Quiz<3.3.8.2
CVE-2022-4219
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This make...
Kibokolabs Chained Quiz<=1.3.2.4
CVE-2022-4208
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficie...
Kibokolabs Chained Quiz<=1.3.2
CVE-2022-4210
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient...
Kibokolabs Chained Quiz<=1.3.2
CVE-2022-4216
The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization a...
Kibokolabs Chained Quiz<=1.3.2.2
CVE-2022-4211
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insuffici...
Kibokolabs Chained Quiz<=1.3.2
CVE-2022-4217
The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and outp...
Kibokolabs Chained Quiz<=1.3.2.2
CVE-2022-4209
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insuffic...
Kibokolabs Chained Quiz<=1.3.2
CVE-2022-4215
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insuffici...
Kibokolabs Chained Quiz<=1.3.2.3
CVE-2021-24690
The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.
Kibokolabs Chained Quiz<1.2.7.2
CVE-2021-38358
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary ...
Kibokolabs Moolamojo<=0.7.4.1
CVE-2021-38317
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitr...
Kibokolabs Konnichiwa<=0.8.3
CVE-2018-14502
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
Kibokolabs Chained Quiz<1.0.9
CVE-2020-7104
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
Kibokolabs Chained Quiz=1.1.8.1
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
Kibokolabs Watupro<4.9.0.8
CVE-2016-10892
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.
Kibokolabs Chained Quiz<1.0
CVE-2019-12345
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.
Kibokolabs Hostel<1.1.4
CVE-2018-1002004
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002000
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection ...
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002008
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in li...
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002002
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002001
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002003
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002009
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in un...
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.8
CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
Kibokolabs Arigato Autoresponder And Newsletter>=2.5.0<2.5.1.5
CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment...
Kibokolabs Arigato Autoresponder And Newsletter=2.5.1.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203