Vektor-inc Vk All In One Expansion Unit — known CVE vulnerabilities
Every CVE whose affected-product data names Vektor-inc Vk All In One Expansion Unit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-2093 — CVSS 6.5 (medium): The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including…
CVE-2024-37956 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One…
CVE-2024-2170 — CVSS 6.4 (medium): The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all…
CVE-2023-0937 — CVSS 6.1 (medium): The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting…
CVE-2023-0230 — CVSS 5.4 (medium): The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting…
CVE-2023-27926 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote…
CVE-2023-28367 — CVSS 5.4 (medium): Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated…
CVE-2024-52268 — CVSS 4.8 (medium): Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited…