Shodan
Vulnerabilities
Vulnerable Software
Tipsandtricks-Hq:  >> All In One Wp Security & Firewall  >> 1.7  Security Vulnerabilities
CVE-2022-44737
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-22
CVE-2021-25102
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk
CVSS Score
4.7
EPSS Score
0.001
Published
2022-05-02
CVE-2016-10888
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
CVE-2015-9310
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
CVE-2016-10887
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-08-14
CVE-2016-10866
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13
CVE-2016-10867
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13
CVE-2016-10868
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13
CVE-2015-9293
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13
CVE-2015-9294
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved