Note:
This project will be discontinued after December 13, 2021. [more]
Product:
All_in_one_wp_security_\&_firewall
(Tipsandtricks\-Hq)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-22 | CVE-2022-44737 | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | All_in_one_wp_security_\&_firewall | 8.8 | ||
| 2019-08-13 | CVE-2016-10867 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | All_in_one_wp_security_\&_firewall | 6.1 | ||
| 2022-05-02 | CVE-2021-25102 | The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | All_in_one_wp_security_\&_firewall | 4.7 | ||
| 2019-08-14 | CVE-2016-10888 | The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. | All_in_one_wp_security_\&_firewall | 9.8 | ||
| 2019-08-14 | CVE-2016-10887 | The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. | All_in_one_wp_security_\&_firewall | 9.8 | ||
| 2019-08-14 | CVE-2015-9310 | The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | All_in_one_wp_security_\&_firewall | 9.8 | ||
| 2019-08-13 | CVE-2016-10868 | The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. | All_in_one_wp_security_\&_firewall | 6.1 | ||
| 2019-08-13 | CVE-2016-10866 | The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. | All_in_one_wp_security_\&_firewall | 6.1 | ||
| 2019-08-13 | CVE-2015-9294 | The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | All_in_one_wp_security_\&_firewall | 6.1 | ||
| 2019-08-13 | CVE-2015-9293 | The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | All_in_one_wp_security_\&_firewall | 6.1 |