Weblizar: Security Vulnerabilities
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.
CVSS Score
7.6
EPSS Score
0.045
Published
2024-05-02
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
CVSS Score
9.8
EPSS Score
0.929
Published
2024-01-16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-11-06
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-11-06
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-27
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-02
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-29
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-13
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-13
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-13
Page 1