wpopal CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

wpopal vulnerability overview

Aggregates CVE and security vulnerability intelligence across all wpopal-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk cross-site scripting, vendor risk csrf, and vendor risk ssrf; exposure may include vendor impact session compromise in vendor surface software deployment contexts.

Vulnerability distribution trend (last 24 months)

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-40700 Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M [email protected] 8.2 1.00% 2024-01-19 2026-06-17
CVE-2021-4388 The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. [email protected] 4.3 0.73% 2023-07-01 2026-06-17
CVE-2021-4387 The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. [email protected] 4.3 0.58% 2023-07-01 2026-06-17
CVE-2022-29449 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. [email protected] 4.1 0.50% 2022-05-19 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence