Vulnerabilidades em wpWax
37 resultadosCVE-2024-2006HIGHPost Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markupEPSS 1.2%CVE-2024-1950HIGHProduct Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object InjectionEPSS 1.2%CVE-2024-1951HIGHLogo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object InjectionEPSS 1.0%CVE-2023-1888HIGHDirectorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege EscalationEPSS 1.0%CVE-2024-13409HIGHPost Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()EPSS 0.8%CVE-2025-10488HIGHDirectorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File MoveEPSS 0.8%CVE-2024-12040HIGHProduct Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme'EPSS 0.8%CVE-2023-1889MEDIUMDirectorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_taskEPSS 0.6%CVE-2025-32499MEDIUMWordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2024-13408HIGHPost Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File InclusionEPSS 0.6%CVE-2024-1322MEDIUMDirectorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings ChangeEPSS 0.5%CVE-2023-41798MEDIUMWordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV InjectionEPSS 0.5%CVE-2024-44048MEDIUMWordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerabilityEPSS 0.5%CVE-2022-34650MEDIUMWordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilitiesEPSS 0.4%CVE-2022-34853MEDIUMWordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilitiesEPSS 0.4%CVE-2025-24782MEDIUMWordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerabilityEPSS 0.4%CVE-2025-32658CRITICALWordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2025-1570HIGHDirectorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTPEPSS 0.4%CVE-2026-22460HIGHWordPress FormGent plugin <= 1.7.0 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2024-12041MEDIUMDirectorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information ExposureEPSS 0.4%