Wow-Company Viral Signup vulnerabilities
2 known vulnerabilities affecting wow-company/viral_signup.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-6926P2CRITICALCVSS 9.8PoC≤ 2.12024-09-04
CVE-2024-6926 [CRITICAL] CWE-89 CVE-2024-6926: The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter bef
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
nvd
CVE-2024-6927P4MEDIUMCVSS 4.8≤ 2.12024-08-29
CVE-2024-6927 [MEDIUM] CWE-79 CVE-2024-6927: The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, wh
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
nvd