Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2022-4681
- EPSS 3.6%
- Published 06.02.2023 20:15:11
- Last modified 25.03.2025 19:15:39
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
9.8
CVE-2021-36916
- EPSS 0.61%
- Published 24.11.2021 17:15:07
- Last modified 21.11.2024 06:14:17
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple ...
7.5
CVE-2021-36917
- EPSS 1.24%
- Published 24.11.2021 17:15:07
- Last modified 21.11.2024 06:14:18
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
1