Filtered by vendor Wpchill
Subscriptions
Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27398 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16. | ||||
| CVE-2026-27424 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2026-05-20 | 4.3 Medium |
| Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11. | ||||
| CVE-2026-39510 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2026-04-29 | 2.7 Low |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11. | ||||
| CVE-2026-39486 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8. | ||||
| CVE-2025-22773 | 2 Wordpress, Wpchill | 2 Wordpress, Htaccess File Editor | 2026-04-29 | 5.3 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through <= 1.0.19. | ||||
| CVE-2024-32429 | 1 Wpchill | 1 Remove Footer Credit | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a through 1.0.13. | ||||
| CVE-2024-30501 | 1 Wpchill | 1 Download Monitor | 2026-04-28 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4. | ||||
| CVE-2023-52123 | 1 Wpchill | 1 Strong Testimonials | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10. | ||||
| CVE-2023-34007 | 1 Wpchill | 1 Download Monitor | 2026-04-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | ||||
| CVE-2023-31219 | 1 Wpchill | 1 Download Monitor | 2026-04-28 | 4.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1. | ||||
| CVE-2023-26013 | 1 Wpchill | 1 Strong Testimonials | 2026-04-28 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions. | ||||
| CVE-2022-45354 | 1 Wpchill | 1 Download Monitor | 2026-04-28 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | ||||
| CVE-2026-23976 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4. | ||||
| CVE-2026-39536 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2026-04-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16. | ||||
| CVE-2026-3124 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-24 | 7.5 High |
| The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that payment token to finalize a high-value order. | ||||
| CVE-2025-58610 | 2 Wordpress, Wpchill | 2 Wordpress, Gallery Photoblocks | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.1. | ||||
| CVE-2025-57926 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster content-protector allows Stored XSS.This issue affects Passster: from n/a through <= 4.2.18. | ||||
| CVE-2024-49256 | 1 Wpchill | 1 Htaccess File Editor | 2026-04-23 | 6.5 Medium |
| Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through <= 1.0.18. | ||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonials: from n/a through <= 3.1.16. | ||||
| CVE-2026-3584 | 2 Wordpress, Wpchill | 2 Wordpress, Kali Forms — Contact Form & Drag-and-drop Builder | 2026-04-22 | 9.8 Critical |
| The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to execute code on the server. | ||||