Vulnerabilities (CVE)

Filtered by vendor Highfivery Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-32121 1 Highfivery 1 Zero Spam For Wordpress 2024-11-21 N/A 7.2 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4.
CVE-2022-0254 1 Highfivery 1 Zero-spam 2024-11-21 7.5 HIGH 9.8 CRITICAL
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection