cbcvebase.

Xjb Rest Api To Miniprogram vulnerabilities

4 known vulnerabilities affecting xjb/rest_api_to_miniprogram.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-8484P2HIGHCVSS 7.5PoC≤ 4.7.12024-09-25
CVE-2024-8484 [HIGH] CWE-89 CVE-2024-8484: The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' para The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i
nvd
CVE-2024-8485P2CRITICALCVSS 9.8≤ 4.7.12024-09-25
CVE-2024-8485 [CRITICAL] CWE-639 CVE-2024-8485: The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account t The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitra
nvd
CVE-2026-3460P4MEDIUMCVSS 5.3≤ 5.1.22026-03-21
CVE-2026-3460 [MEDIUM] CWE-20 CVE-2026-3460: The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference i The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback (update_user_wechatshop_info_permissions_check) only validating that the supplied 'openid' parameter corresponds to an existing WordPress user, while the callback function
nvd
CVE-2025-28886P4MEDIUMCVSS 4.3≤ 5.1.22025-03-11
CVE-2025-28886 [MEDIUM] CWE-352 CVE-2025-28886: Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogr Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2.
nvd
Xjb Rest Api To Miniprogram vulnerabilities | cvebase