Vektor-inc Vk_all_in_one_expansion_unit
8 CVEs affecting Vektor-inc Vk_all_in_one_expansion_unit. Latest disclosed: 2024-11-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-37956 | Medium | 6.5 | 2024-07-20 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows St… |
CVE-2024-2093 | Medium | 6.5 | 2024-04-09 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social… |
CVE-2024-2170 | Medium | 6.4 | 2024-03-26 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and i… |
CVE-2023-0937 | Medium | 6.1 | 2023-03-20 | The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribu… |
CVE-2023-28367 | Medium | 5.4 | 2023-05-23 | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject a… |
CVE-2023-27926 | Medium | 5.4 | 2023-05-23 | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to i… |
CVE-2023-0230 | Medium | 5.4 | 2023-02-27 | The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/… |
CVE-2024-52268 | Medium | 4.8 | 2024-11-13 | Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script… |