weblizar 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk csrf があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-33911 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | [email protected] | 7.6 | 7.90% | 2024-05-02 | 2026-04-28 |
| CVE-2022-1609 | The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | [email protected] | 9.8 | 93.49% | 2024-01-16 | 2025-06-02 |
| CVE-2022-47430 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | [email protected] | 6.7 | 0.15% | 2023-11-06 | 2026-04-28 |
| CVE-2022-46849 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | [email protected] | 7.6 | 0.15% | 2023-11-06 | 2026-04-29 |
| CVE-2017-20098 | A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | [email protected] | 3.5 | 0.19% | 2022-06-27 | 2024-11-21 |
| CVE-2021-34628 | The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7. | [email protected] | 8.8 | 0.11% | 2021-08-02 | 2024-11-21 |
| CVE-2019-15781 | The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | [email protected] | 8.8 | 0.11% | 2019-08-29 | 2024-11-21 |
| CVE-2018-5656 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php. | [email protected] | 8.8 | 0.12% | 2018-01-13 | 2024-11-21 |
| CVE-2018-5655 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter. | [email protected] | 6.1 | 0.21% | 2018-01-13 | 2024-11-21 |
| CVE-2018-5654 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter. | [email protected] | 6.1 | 0.19% | 2018-01-13 | 2024-11-21 |
| CVE-2018-5653 | An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. | [email protected] | 6.1 | 0.21% | 2018-01-13 | 2024-11-21 |