Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by Saleswonder Team: Tobias
CVE-2025-60088 (GCVE-0-2025-60088)
Vulnerability from cvelistv5 – Published: 2025-12-18 07:22 – Updated: 2026-04-24 19:09
VLAI?
Title
WordPress WebinarIgnition plugin <= 4.06.04 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through <= 4.06.04.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WebinarIgnition |
Affected:
0 , ≤ 4.06.04
(custom)
|
Date Public ?
2026-04-01 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:53:36.998863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T19:09:21.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "webinar-ignition",
"product": "WebinarIgnition",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "4.06.05",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.06.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Denver Jackson | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:00:19.506Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WebinarIgnition: from n/a through \u003c= 4.06.04.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through \u003c= 4.06.04."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:08:55.159Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/webinar-ignition/vulnerability/wordpress-webinarignition-plugin-4-05-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WebinarIgnition plugin \u003c= 4.06.04 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60088",
"datePublished": "2025-12-18T07:22:08.134Z",
"dateReserved": "2025-09-25T15:20:02.782Z",
"dateUpdated": "2026-04-24T19:09:21.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54028 (GCVE-0-2025-54028)
Vulnerability from cvelistv5 – Published: 2025-08-20 08:03 – Updated: 2026-04-23 14:13
VLAI?
Title
WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through <= 1.7.2.
Severity ?
7.5 (High)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | CF7 WOW Styler |
Affected:
0 , ≤ 1.7.2
(custom)
|
Date Public ?
2026-04-22 14:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T17:11:23.738364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T17:13:53.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "cf7-styler",
"product": "CF7 WOW Styler",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.7.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:26:59.646Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.\u003cp\u003eThis issue affects CF7 WOW Styler: from n/a through \u003c= 1.7.2.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through \u003c= 1.7.2."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:13:19.256Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-7-2-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress CF7 WOW Styler Plugin \u003c= 1.7.2 - Local File Inclusion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-54028",
"datePublished": "2025-08-20T08:03:00.560Z",
"dateReserved": "2025-07-16T08:51:50.629Z",
"dateUpdated": "2026-04-23T14:13:19.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49316 (GCVE-0-2025-49316)
Vulnerability from cvelistv5 – Published: 2025-06-17 15:01 – Updated: 2026-04-23 14:13
VLAI?
Title
WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.5.0
(custom)
|
Date Public ?
2026-04-22 14:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:19:58.834541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:13:11.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "johska | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:28:15.018Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.5.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through \u003c= 3.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:13:03.983Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS plugin \u003c= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49316",
"datePublished": "2025-06-17T15:01:23.808Z",
"dateReserved": "2025-06-04T09:42:07.048Z",
"dateUpdated": "2026-04-23T14:13:03.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32922 (GCVE-0-2025-32922)
Vulnerability from cvelistv5 – Published: 2025-05-15 18:11 – Updated: 2026-04-23 14:12
VLAI?
Title
WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
Severity ?
7.1 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.5.0
(custom)
|
Date Public ?
2026-04-22 14:29
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T18:29:19.108122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T18:29:26.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "johska | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:29:08.912Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.5.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through \u003c= 3.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:12:36.363Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS plugin \u003c= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32922",
"datePublished": "2025-05-15T18:11:54.301Z",
"dateReserved": "2025-04-14T11:30:45.183Z",
"dateUpdated": "2026-04-23T14:12:36.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30827 (GCVE-0-2025-30827)
Vulnerability from cvelistv5 – Published: 2025-04-01 05:31 – Updated: 2026-04-23 14:06
VLAI?
Title
WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.5.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.4.5
(custom)
|
Date Public ?
2026-04-22 14:31
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T13:15:11.731774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T13:15:20.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.4.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "johska | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:31:09.258Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.4.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through \u003c= 3.4.5."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:06:44.031Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS plugin \u003c= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-30827",
"datePublished": "2025-04-01T05:31:37.708Z",
"dateReserved": "2025-03-26T09:20:39.457Z",
"dateUpdated": "2026-04-23T14:06:44.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24565 (GCVE-0-2025-24565)
Vulnerability from cvelistv5 – Published: 2025-02-14 12:44 – Updated: 2026-04-23 14:02
VLAI?
Title
WordPress WP2LEADS plugin <= 3.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.3.3.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.3.3
(custom)
|
Date Public ?
2026-04-22 14:32
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:06:40.680999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:15:39.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.3.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:32:40.348Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.3.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through \u003c= 3.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:02:37.443Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS plugin \u003c= 3.3.3 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-24565",
"datePublished": "2025-02-14T12:44:34.165Z",
"dateReserved": "2025-01-23T14:50:32.998Z",
"dateUpdated": "2026-04-23T14:02:37.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56065 (GCVE-0-2024-56065)
Vulnerability from cvelistv5 – Published: 2025-01-13 13:11 – Updated: 2026-04-23 13:58
VLAI?
Title
WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.2.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.4.2
(custom)
|
Date Public ?
2026-04-22 14:33
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T13:43:51.256477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T13:44:00.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:33:56.534Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.4.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through \u003c= 3.4.2."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:58:13.284Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS Plugin \u003c= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56065",
"datePublished": "2025-01-13T13:11:37.564Z",
"dateReserved": "2024-12-14T19:43:18.742Z",
"dateUpdated": "2026-04-23T13:58:13.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51689 (GCVE-0-2024-51689)
Vulnerability from cvelistv5 – Published: 2024-11-09 12:53 – Updated: 2026-04-23 13:54
VLAI?
Title
WordPress CF7 WOW Styler plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through <= 1.6.8.
Severity ?
7.1 (High)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | CF7 WOW Styler |
Affected:
0 , ≤ 1.6.8
(custom)
|
Date Public ?
2026-04-22 14:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-09T15:23:18.386335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-09T15:23:36.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "cf7-styler",
"product": "CF7 WOW Styler",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.6.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Ngoc Anh | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:36:12.672Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows Reflected XSS.\u003cp\u003eThis issue affects CF7 WOW Styler: from n/a through \u003c= 1.6.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through \u003c= 1.6.8."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:54:57.022Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress CF7 WOW Styler plugin \u003c= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-51689",
"datePublished": "2024-11-09T12:53:18.445Z",
"dateReserved": "2024-10-30T15:05:46.519Z",
"dateUpdated": "2026-04-23T13:54:57.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51579 (GCVE-0-2024-51579)
Vulnerability from cvelistv5 – Published: 2024-11-09 09:04 – Updated: 2026-04-23 13:54
VLAI?
Title
WordPress 5 Stars Rating Funnel plugin <=1.4.01 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01.
Severity ?
8.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | 5 Stars Rating Funnel |
Affected:
0 , ≤ 1.4.01
(custom)
|
Date Public ?
2026-04-22 14:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:44:36.067356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:15:04.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "5-stars-rating-funnel",
"product": "5 Stars Rating Funnel",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"lessThanOrEqual": "1.4.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:36:14.238Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.\u003cp\u003eThis issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.4.01.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.4.01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:54:31.941Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/5-stars-rating-funnel/vulnerability/wordpress-5-stars-rating-funnel-plugin-1-4-01-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress 5 Stars Rating Funnel plugin \u003c=1.4.01 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-51579",
"datePublished": "2024-11-09T09:04:46.586Z",
"dateReserved": "2024-10-30T15:03:49.638Z",
"dateUpdated": "2026-04-23T13:54:31.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37544 (GCVE-0-2024-37544)
Vulnerability from cvelistv5 – Published: 2024-07-12 13:26 – Updated: 2026-04-23 13:51
VLAI?
Title
WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias Get Better Reviews for WooCommerce more-better-reviews-for-woocommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through <= 4.0.6.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | Get Better Reviews for WooCommerce |
Affected:
0 , ≤ 4.0.6
(custom)
|
Date Public ?
2026-04-22 14:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:35:00.833556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T18:14:03.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/more-better-reviews-for-woocommerce/wordpress-get-better-reviews-for-woocommerce-plugin-4-0-6-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "more-better-reviews-for-woocommerce",
"product": "Get Better Reviews for WooCommerce",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:38:44.661Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias Get Better Reviews for WooCommerce more-better-reviews-for-woocommerce.\u003cp\u003eThis issue affects Get Better Reviews for WooCommerce: from n/a through \u003c= 4.0.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias Get Better Reviews for WooCommerce more-better-reviews-for-woocommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through \u003c= 4.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:52.482Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/more-better-reviews-for-woocommerce/vulnerability/wordpress-get-better-reviews-for-woocommerce-plugin-4-0-6-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Get Better Reviews for WooCommerce plugin \u003c= 4.0.6 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37544",
"datePublished": "2024-07-12T13:26:07.127Z",
"dateReserved": "2024-06-09T18:16:46.937Z",
"dateUpdated": "2026-04-23T13:51:52.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34763 (GCVE-0-2024-34763)
Vulnerability from cvelistv5 – Published: 2024-06-11 16:57 – Updated: 2026-04-23 13:51
VLAI?
Title
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through <= 1.01.5.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | Builder for WooCommerce reviews shortcodes – ReviewShort |
Affected:
0 , ≤ 1.01.5
(custom)
|
Date Public ?
2026-04-22 14:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T20:43:14.677574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T20:44:18.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-product-reviews-shortcode",
"product": "Builder for WooCommerce reviews shortcodes \u2013 ReviewShort",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.01.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.01.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:38:57.877Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes \u2013 ReviewShort woo-product-reviews-shortcode.\u003cp\u003eThis issue affects Builder for WooCommerce reviews shortcodes \u2013 ReviewShort: from n/a through \u003c= 1.01.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes \u2013 ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes \u2013 ReviewShort: from n/a through \u003c= 1.01.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:27.484Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/woo-product-reviews-shortcode/vulnerability/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Builder for WooCommerce reviews shortcodes \u2013 ReviewShort plugin \u003c= 1.01.5 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34763",
"datePublished": "2024-06-11T16:57:37.798Z",
"dateReserved": "2024-05-08T12:03:07.438Z",
"dateUpdated": "2026-04-23T13:51:27.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34826 (GCVE-0-2024-34826)
Vulnerability from cvelistv5 – Published: 2024-06-11 15:07 – Updated: 2026-04-23 13:51 X_Known Exploited Vulnerability
VLAI?
Title
WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | CF7 WOW Styler |
Affected:
0 , ≤ 1.6.4
(custom)
|
Date Public ?
2026-04-22 14:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:33:10.806164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:33:20.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/cf7-styler/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "cf7-styler",
"product": "CF7 WOW Styler",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.6.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:38:55.431Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.\u003cp\u003eThis issue affects CF7 WOW Styler: from n/a through \u003c= 1.6.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through \u003c= 1.6.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:30.207Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/cf7-styler/vulnerability/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"tags": [
"x_known-exploited-vulnerability"
],
"title": "WordPress CF7 WOW Styler plugin \u003c= 1.6.4 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34826",
"datePublished": "2024-06-11T15:07:10.516Z",
"dateReserved": "2024-05-09T12:39:22.883Z",
"dateUpdated": "2026-04-23T13:51:30.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32725 (GCVE-0-2024-32725)
Vulnerability from cvelistv5 – Published: 2024-06-09 16:52 – Updated: 2026-04-23 13:51
VLAI?
Title
WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | 5 Stars Rating Funnel |
Affected:
0 , ≤ 1.2.67
(custom)
|
Date Public ?
2026-04-22 14:39
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:5_stars_rating_funnel_project:5_stars_rating_funnel:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "5_stars_rating_funnel",
"vendor": "5_stars_rating_funnel_project",
"versions": [
{
"lessThanOrEqual": "1.2.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T13:22:39.714185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T13:22:42.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/5-stars-rating-funnel/wordpress-5-stars-rating-funnel-plugin-1-2-67-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "5-stars-rating-funnel",
"product": "5 Stars Rating Funnel",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.3.02",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:39:04.268Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.\u003cp\u003eThis issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.2.67.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.2.67."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:20.402Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/5-stars-rating-funnel/vulnerability/wordpress-5-stars-rating-funnel-plugin-1-2-67-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32725",
"datePublished": "2024-06-09T16:52:41.990Z",
"dateReserved": "2024-04-17T10:02:58.225Z",
"dateUpdated": "2026-04-23T13:51:20.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32445 (GCVE-0-2024-32445)
Vulnerability from cvelistv5 – Published: 2024-04-15 07:58 – Updated: 2026-04-23 13:51
VLAI?
Title
WordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition.This issue affects WebinarIgnition: from n/a through <= 3.05.8.
Severity ?
5.4 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WebinarIgnition |
Affected:
0 , ≤ 3.05.8
(custom)
|
Date Public ?
2026-04-22 14:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:38:06.351042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:38:13.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:44.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "webinar-ignition",
"product": "WebinarIgnition",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.06.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.05.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:40:18.489Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition.\u003cp\u003eThis issue affects WebinarIgnition: from n/a through \u003c= 3.05.8.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition.This issue affects WebinarIgnition: from n/a through \u003c= 3.05.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:16.342Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/webinar-ignition/vulnerability/wordpress-webinarignition-plugin-3-05-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress WebinarIgnition plugin \u003c= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32445",
"datePublished": "2024-04-15T07:58:47.663Z",
"dateReserved": "2024-04-12T14:58:00.298Z",
"dateUpdated": "2026-04-23T13:51:16.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-31358 (GCVE-0-2024-31358)
Vulnerability from cvelistv5 – Published: 2024-04-10 15:57 – Updated: 2026-04-01 15:33
VLAI?
Title
WordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | 5 Stars Rating Funnel |
Affected:
0 , ≤ 1.2.67
(custom)
|
Date Public ?
2026-04-01 16:24
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:saleswonder.biz:5_star_rating_funnel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "5_star_rating_funnel",
"vendor": "saleswonder.biz",
"versions": [
{
"lessThanOrEqual": "1.2.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T18:06:20.796994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T18:10:15.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/5-stars-rating-funnel/wordpress-5-stars-rating-funnel-plugin-1-2-67-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "5-stars-rating-funnel",
"product": "5 Stars Rating Funnel",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.3.02",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emili Castells | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:24:44.206Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.\u003cp\u003eThis issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.2.67.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through \u003c= 1.2.67."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:33:57.648Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/5-stars-rating-funnel/vulnerability/wordpress-5-stars-rating-funnel-plugin-1-2-67-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress 5 Stars Rating Funnel plugin \u003c= 1.2.67 - Arbitrary Content Deletion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31358",
"datePublished": "2024-04-10T15:57:04.643Z",
"dateReserved": "2024-04-01T06:51:05.775Z",
"dateUpdated": "2026-04-01T15:33:57.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-31375 (GCVE-0-2024-31375)
Vulnerability from cvelistv5 – Published: 2024-04-08 08:59 – Updated: 2026-04-01 15:33
VLAI?
Title
WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | WP2LEADS |
Affected:
0 , ≤ 3.2.7
(custom)
|
Date Public ?
2026-04-01 16:24
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:22:39.843416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:59.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp2leads/wordpress-wp2leads-plugin-3-2-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp2leads",
"product": "WP2LEADS",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "3.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:24:35.333Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.\u003cp\u003eThis issue affects WP2LEADS: from n/a through \u003c= 3.2.7.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through \u003c= 3.2.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:33:58.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-2-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP2LEADS plugin \u003c= 3.2.7 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31375",
"datePublished": "2024-04-08T08:59:28.911Z",
"dateReserved": "2024-04-01T06:51:34.353Z",
"dateUpdated": "2026-04-01T15:33:58.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29093 (GCVE-0-2024-29093)
Vulnerability from cvelistv5 – Published: 2024-03-19 16:40 – Updated: 2026-04-23 13:51
VLAI?
Title
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through <= 1.01.3.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Saleswonder Team: Tobias | Builder for WooCommerce reviews shortcodes – ReviewShort |
Affected:
0 , ≤ 1.01.3
(custom)
|
Date Public ?
2026-04-22 14:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T19:01:07.141868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:57:00.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-product-reviews-shortcode",
"product": "Builder for WooCommerce reviews shortcodes \u2013 ReviewShort",
"vendor": "Saleswonder Team: Tobias",
"versions": [
{
"changes": [
{
"at": "1.01.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.01.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:42:42.523Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes \u2013 ReviewShort woo-product-reviews-shortcode.\u003cp\u003eThis issue affects Builder for WooCommerce reviews shortcodes \u2013 ReviewShort: from n/a through \u003c= 1.01.3.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes \u2013 ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes \u2013 ReviewShort: from n/a through \u003c= 1.01.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:51:05.767Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/woo-product-reviews-shortcode/vulnerability/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Builder for WooCommerce reviews shortcodes \u2013 ReviewShort plugin \u003c= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-29093",
"datePublished": "2024-03-19T16:40:14.011Z",
"dateReserved": "2024-03-15T10:51:21.287Z",
"dateUpdated": "2026-04-23T13:51:05.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}