Latest Wpchill Vulnerabilities

CVE-2022-45354
WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
Wpchill Download Monitor<=4.7.60
CVE-2023-34007
WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload
Wpchill Download Monitor<=4.8.3
CVE-2023-5704
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and ...
Wpchill Cpo Shortcodes<=1.5.0
CVE-2023-31219
WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)
Wpchill Download Monitor<=4.8.1
CVE-2023-28171
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.
<=1.3.1
CVE-2023-26013
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
Wpchill Strong Testimonials<=3.0.2
CVE-2023-25451
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.
Wpchill Cpo Content Types<=1.1.0
CVE-2022-4544
The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contrib...
Wpchill Mashshare<3.8.7
CVE-2022-41135
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
Wpchill Customizable Wordpress Gallery Plugin - Modula Image Gallery<2.6.91
CVE-2022-2981
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download ...
Wpchill Download Monitor<4.5.98
CVE-2022-40672
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
Wpchill Cpo Shortcodes<=1.5.0
CVE-2022-37407
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
Wpchill Gallery Photoblocks<=1.2.6
CVE-2022-36292
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
Wpchill Gallery Photoblocks<=1.2.6
CVE-2022-2222
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download ...
Wpchill Download Monitor<4.5.91
CVE-2022-1547
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Wpchill Check \& Log Email<1.0.6
CVE-2022-1054
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result...
Wpchill Rsvp And Event Management<2.7.8
CVE-2022-27852
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions.
Wpchill Kb Support<=1.5.5
CVE-2021-24446
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XS...
Wpchill Remove Footer Credit<1.0.6
CVE-2021-31567
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration f...
Wpchill Download Monitor<=4.4.6
CVE-2021-23174
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_ve...
<4.4.7
CVE-2021-36920
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
Wpchill Download Monitor<=4.4.6
CVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injecti...
<4.4.5
CVE-2021-24908
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Wpchill Check \& Log Email<1.0.4
CVE-2021-24774
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injecti...
Wpchill Check \& Log Email<1.0.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203