CVE-2024-9065 – WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test
https://notcve.org/view.php?id=CVE-2024-9065
09 Oct 2024 — The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. • https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55 • CWE-862: Missing Authorization
CVE-2023-46614 – WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46614
24 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions. The WP Helper Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.1. This is due to missing or incorrect nonce validation on the 'whp_fields' function. This makes it possible for unauthenticated attackers to update the... • https://patchstack.com/database/vulnerability/wp-helper-lite/wordpress-wp-helper-premium-plugin-4-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0448 – WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-0448
24 Jan 2023 — The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. The WP Helper Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.2.0 due to in... • https://www.tenable.com/security/research/tra-2023-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')