Mojoomla Wpams vulnerabilities
8 known vulnerabilities affecting mojoomla/wpams.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-39401P2CRITICALCVSS 10.0≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39401 [CRITICAL] CWE-434 CVE-2025-39401: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2025-39402P2CRITICALCVSS 9.9≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39402 [CRITICAL] CWE-434 CVE-2025-39402: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2025-39395P2CRITICALCVSS 9.3≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39395 [CRITICAL] CWE-89 CVE-2025-39395: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2025-39406P3CRITICALCVSS 9.8≤ 44.02025-05-19
CVE-2025-39406 [CRITICAL] CWE-98 CVE-2025-39406: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion.This issue affects WPAMS: from n/a through <= 44.0.
nvd
CVE-2025-39403P3HIGHCVSS 8.5≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39403 [HIGH] CWE-89 CVE-2025-39403: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2025-39405P3HIGHCVSS 8.8≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39405 [HIGH] CWE-266 CVE-2025-39405: Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege
Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2025-39392P4HIGHCVSS 7.1≤ 44.0 (17-08-2023)2025-05-19
CVE-2025-39392 [HIGH] CWE-79 CVE-2025-39392: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS apartment-management allows Reflected XSS.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
nvd
CVE-2026-39433MEDIUMCVSS 6.5≥ n/a, < 49.5.32026-06-16
CVE-2026-39433 [MEDIUM] CWE-862 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
cvelistv5