Filtered by vendor Kibokolabs
Subscribe
Total
39 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | |||||
CVE-2021-24690 | 1 Kibokolabs | 1 Chained Quiz | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings. | |||||
CVE-2021-38317 | 1 Kibokolabs | 1 Konnichiwa | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | |||||
CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-02-04 | 5.8 MEDIUM | 4.3 MEDIUM |
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | |||||
CVE-2018-14502 | 1 Kibokolabs | 1 Chained Quiz | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. | |||||
CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | |||||
CVE-2019-12345 | 1 Kibokolabs | 1 Hostel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | |||||
CVE-2016-10892 | 1 Kibokolabs | 1 Chained Quiz | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. | |||||
CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | |||||
CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | |||||
CVE-2018-18461 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | |||||
CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | |||||
CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | |||||
CVE-2018-1002000 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. | |||||
CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. |