
CVE-2022-44737 – WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-44737
22 Nov 2022 — Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. The All In One WP Security & Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to incorrect nonce validation on the function... • https://patchstack.com/database/vulnerability/all-in-one-wp-security-and-firewall/wordpress-all-in-one-wp-security-plugin-5-1-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-25102 – All In One WP Security < 4.4.11 - Authenticated Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25102
11 Apr 2022 — The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect the user, either via a Location header or a meta url attribute, when the Rename Login Page feature is active, which could lead to an Arbitrary Redirect as well as a Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk. • https://wpscan.com/vulnerability/9b8a00a6-622b-4309-bbbf-fe2c7fc9f8b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-10887 – All In One WP Security & Firewall <= 4.0.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10887
14 Aug 2019 — The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2016-10866 – All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10866
11 Nov 2016 — The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues via the 'tab' parameter. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-10888 – All In One WP Security & Firewall <= 4.0.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10888
06 Apr 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2016-10867 – All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10867
23 Feb 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-10868 – All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10868
22 Feb 2016 — The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9293 – All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9293
15 Aug 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9294 – All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9294
20 Apr 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9310 – All In One WP Security & Firewall <= 3.9.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9310
06 Apr 2015 — The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. • https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')