Skip to main content

Wowonder

6 CVEs product

Monthly

CVE-2022-42984 CRITICAL Act Now

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-40405 HIGH This Week

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1753 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WoWonder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-26254 MEDIUM POC This Month

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-27200 CRITICAL POC Act Now

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Wowonder
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-26935 HIGH POC This Week

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wowonder
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WoWonder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Wowonder
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wowonder
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy