Vulnerabilities in wpweb
25 resultsCVE-2024-54383CRITICALWordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerabilityEPSS 1.1%CVE-2024-6756HIGHSocial Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File UploadEPSS 0.8%CVE-2024-6753HIGHSocial Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.8%CVE-2024-5871CRITICALWooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object InjectionEPSS 0.7%CVE-2024-7503CRITICALWooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account TakeoverEPSS 0.6%CVE-2024-10114HIGHSocial Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth providerEPSS 0.5%CVE-2024-6636CRITICALWooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege EscalationEPSS 0.5%CVE-2024-39651HIGHWordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2024-43131HIGHWordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerabilityEPSS 0.5%CVE-2024-7027HIGHWooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher VendorEPSS 0.4%CVE-2024-6635HIGHWooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication BypassEPSS 0.4%CVE-2024-6637HIGHWooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time PasswordEPSS 0.4%CVE-2024-6755MEDIUMSocial Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2024-37502MEDIUMWordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2024-5868MEDIUMWooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient RandomnessEPSS 0.3%CVE-2025-64258HIGHWordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2024-47369HIGHWordPress Social Auto Poster plugin <= 5.3.15 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-6750HIGHSocial Auto Poster <= 5.3.14 - Missing Authorization via Multiple FunctionsEPSS 0.3%CVE-2024-56265HIGHWordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-6754MEDIUMSocial Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_templateEPSS 0.3%