Vulnerabilities (CVE)

Filtered by vendor Helloasso Subscribe
Filtered by product Helloasso
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7605 1 Helloasso 1 Helloasso 2024-09-12 N/A 4.3 MEDIUM
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service.
CVE-2024-37488 1 Helloasso 1 Helloasso 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9.