Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Weblizar Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1609 1 Weblizar 1 School Management 2024-02-05 N/A 9.8 CRITICAL
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
CVE-2017-20098 1 Weblizar 1 Admin Custom Login 2024-02-04 3.5 LOW 4.8 MEDIUM
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.
CVE-2021-34628 1 Weblizar 1 Admin Custom Login 2024-02-04 6.8 MEDIUM 8.8 HIGH
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.
CVE-2019-15781 1 Weblizar 1 Social Likebox \& Feed 2024-02-04 6.8 MEDIUM 8.8 HIGH
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
CVE-2018-5654 1 Weblizar 1 Pinterest-feeds 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
CVE-2018-5656 1 Weblizar 1 Pinterest-feeds 2024-02-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
CVE-2018-5655 1 Weblizar 1 Pinterest-feeds 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
CVE-2018-5653 1 Weblizar 1 Pinterest-feeds 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.