Filtered by vendor Mitchelllevy
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12595 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | 4.7 Medium |
| The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | 7.2 High |
| The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. | ||||
Page 1 of 1.