Vulnerabilities (CVE)

Filtered by vendor Gvectors Subscribe

Filtered by product Wpdiscuz

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-24186	1 Gvectors	1 Wpdiscuz	2022-01-01	7.5 HIGH	10.0 CRITICAL
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
CVE-2020-13640	1 Gvectors	1 Wpdiscuz	2020-07-06	7.5 HIGH	9.8 CRITICAL
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)