Tipsandtricks-hq All In One Wp Security & Firewall — known CVE vulnerabilities
Every CVE whose affected-product data names Tipsandtricks-hq All In One Wp Security & Firewall, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2015-9310 — CVSS 9.8 (critical): The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
CVE-2016-10887 — CVSS 9.8 (critical): The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
CVE-2016-10888 — CVSS 9.8 (critical): The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
CVE-2015-9293 — CVSS 6.1 (medium): The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
CVE-2016-10868 — CVSS 6.1 (medium): The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection…
CVE-2015-9294 — CVSS 6.1 (medium): The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
CVE-2016-10867 — CVSS 6.1 (medium): The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
CVE-2021-25102 — CVSS 4.7 (medium): The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter…