Vektor-inc Vk_all_in_one_expansion_unit

8 CVEs affecting Vektor-inc Vk_all_in_one_expansion_unit. Latest disclosed: 2024-11-13. Critical: 0, High: 0.

Top CVEs affecting Vektor-inc Vk_all_in_one_expansion_unit
CVESeverityScorePublishedSummary
CVE-2024-37956Medium6.52024-07-20Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows St…
CVE-2024-2093Medium6.52024-04-09The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social…
CVE-2024-2170Medium6.42024-03-26The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and i…
CVE-2023-0937Medium6.12023-03-20The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribu…
CVE-2023-28367Medium5.42023-05-23Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject a…
CVE-2023-27926Medium5.42023-05-23Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to i…
CVE-2023-0230Medium5.42023-02-27The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/…
CVE-2024-52268Medium4.82024-11-13Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script…