CVE-2024-8959
- EPSS 0.08%
- Veröffentlicht 24.10.2024 12:15:04
- Zuletzt bearbeitet 25.10.2024 12:56:07
The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and o...
CVE-2023-52132
- EPSS 0.14%
- Veröffentlicht 31.12.2023 18:15:51
- Zuletzt bearbeitet 21.11.2024 08:39:14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6.
CVE-2023-44266
- EPSS 0.06%
- Veröffentlicht 02.10.2023 11:15:50
- Zuletzt bearbeitet 21.11.2024 08:25:33
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
CVE-2023-4060
- EPSS 0.13%
- Veröffentlicht 11.09.2023 20:15:11
- Zuletzt bearbeitet 23.04.2025 17:16:41
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...