Known Vulnerabilities for products from Wpchill
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Wpchill".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-49256 | Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality No... | Not Provided | 2024-11-01 | 2026-04-01 |
| CVE-2024-47362 | Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonial... | Not Provided | 2024-11-01 | 2026-04-01 |
| CVE-2021-36920 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <=... | 5.4 - MEDIUM | 2022-01-14 | 2022-01-21 |
| CVE-2021-31567 | Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4... | 6.8 - MEDIUM | 2022-01-28 | 2022-02-03 |
| CVE-2021-25050 | The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to... | 4.8 - MEDIUM | 2022-02-14 | 2022-02-19 |
| CVE-2021-24908 | The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute... | 6.1 - MEDIUM | 2021-11-29 | 2021-11-29 |
| CVE-2021-24786 | The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before u... | 7.2 - HIGH | 2022-01-03 | 2022-01-11 |
| CVE-2021-24774 | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters bef... | 7.2 - HIGH | 2021-10-25 | 2021-10-27 |
| CVE-2021-24446 | The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which coul... | 5.4 - MEDIUM | 2022-02-14 | 2022-02-19 |
| CVE-2021-23174 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (v... | 4.8 - MEDIUM | 2022-01-28 | 2023-11-07 |