Shodan
Vulnerabilities
Vulnerable Software
Wpdevart:  Security Vulnerabilities
CVE-2022-47603
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-03-29
CVE-2022-47438
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-29
CVE-2023-23983
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-28
CVE-2023-24384
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-23
CVE-2023-24388
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-17
CVE-2023-0177
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-02-13
CVE-2022-3982
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
CVSS Score
9.8
EPSS Score
0.906
Published
2022-12-12
CVE-2022-34656
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-09-06
CVE-2022-1946
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.008
Published
2022-07-04
CVE-2022-0876
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved