wow-estore 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk file inclusion、vendor risk cross-site scripting, and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で ファイル上書き and vendor impact unauthorized access などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-27452 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions. | [email protected] | 5.9 | 0.37% | 2023-06-22 | 2026-06-17 |
| CVE-2022-29448 | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | [email protected] | 6.8 | 0.98% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29445 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | [email protected] | 6.8 | 1.00% | 2022-05-18 | 2026-06-17 |
| CVE-2022-0313 | The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack | [email protected] | 4.3 | 0.46% | 2022-02-21 | 2026-06-17 |
| CVE-2021-24580 | The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue | [email protected] | 8.8 | 1.36% | 2021-08-30 | 2026-06-16 |
| CVE-2021-24521 | The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack. | [email protected] | 7.2 | 1.59% | 2021-08-09 | 2026-06-16 |
| CVE-2021-24348 | The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue | [email protected] | 7.2 | 1.57% | 2021-06-14 | 2026-06-16 |