Product
badgeos
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-2174
CVE-2023-2173
CVE-2023-2172
CVE-2023-2171
CVE-2022-41987
CVE-2022-2958
CVE-2022-0817
<= 3.7.1.6
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delet
<= 3.7.1.6
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This
<= 3.7.1.6
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This
<= 3.7.1.6
The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and
<= 3.7.1.6
Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions.
< 3.7.1.3
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX a
<= 3.7.0
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX