Known Vulnerabilities for products from Wpchill
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wpchill".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-49256 json | Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality No... | Not Provided | 2024-11-01 | 2026-04-01 |
| CVE-2024-47362 json | Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonial... | Not Provided | 2024-11-01 | 2026-04-01 |
| CVE-2024-2026 json | The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode i... | Not Provided | 2024-04-09 | 2026-04-08 |
| CVE-2024-1083 json | The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including... | Not Provided | 2024-03-13 | 2026-04-08 |
| CVE-2024-0616 json | The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in a... | Not Provided | 2024-02-29 | 2026-04-08 |
| CVE-2023-31219 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.9 - MEDIUM | 2023-11-13 | 2023-11-17 |
| CVE-2023-28171 json | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. | 5.4 - MEDIUM | 2023-06-22 | 2023-06-28 |
| CVE-2023-26013 json | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions... | 5.4 - MEDIUM | 2023-06-16 | 2023-06-22 |
| CVE-2023-25451 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | 4.8 - MEDIUM | 2023-04-23 | 2023-04-28 |
| CVE-2023-6491 json | The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability... | Not Provided | 2024-06-07 | 2026-04-08 |
| CVE-2023-5704 json | The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versi... | Not Provided | 2023-11-22 | 2026-04-08 |
| CVE-2022-45354 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2024-01-08 | 2024-01-11 |
| CVE-2022-41135 json | Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. | 5.3 - MEDIUM | 2022-11-18 | 2022-11-23 |
| CVE-2022-40672 json | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. | 4.8 - MEDIUM | 2022-09-23 | 2022-09-26 |
| CVE-2022-37407 json | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at Wo... | 5.4 - MEDIUM | 2022-09-09 | 2022-09-10 |
| CVE-2022-36292 json | Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | 8.8 - HIGH | 2022-08-23 | 2022-08-25 |
| CVE-2022-27852 json | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions... | 6.1 - MEDIUM | 2022-04-15 | 2023-11-07 |
| CVE-2022-4544 json | The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting t... | 5.4 - MEDIUM | 2023-01-16 | 2023-11-07 |
| CVE-2022-2981 json | The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, ... | 4.9 - MEDIUM | 2022-10-10 | 2022-10-12 |
| CVE-2022-2222 json | The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, ... | 4.9 - MEDIUM | 2022-07-17 | 2022-07-18 |