Wzone
Monthly
AA-Team WZone versions 14.0.31 and earlier contain a path traversal vulnerability that allows authenticated attackers to access files outside intended directories. An attacker with valid credentials could leverage this flaw to read, modify, or delete sensitive files on the affected system. No patch is currently available for this vulnerability.
A blind SQL injection vulnerability exists in AA-Team's WZone WordPress plugin through version 14.0.31, allowing unauthenticated attackers to extract sensitive database information without direct error-based feedback. The vulnerability affects all versions of WZone up to and including 14.0.31, enabling attackers to manipulate SQL queries through improperly neutralized user input. While no CVSS score or EPSS probability is available in the disclosed data, the blind SQL injection classification and the plugin's wide WordPress ecosystem adoption suggest moderate to high real-world risk, particularly if the vulnerability is easily triggerable and no authentication is required.
Missing Authorization vulnerability in AA-Team WZone.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in AA-Team WZone.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AA-Team WZone versions 14.0.31 and earlier contain a path traversal vulnerability that allows authenticated attackers to access files outside intended directories. An attacker with valid credentials could leverage this flaw to read, modify, or delete sensitive files on the affected system. No patch is currently available for this vulnerability.
A blind SQL injection vulnerability exists in AA-Team's WZone WordPress plugin through version 14.0.31, allowing unauthenticated attackers to extract sensitive database information without direct error-based feedback. The vulnerability affects all versions of WZone up to and including 14.0.31, enabling attackers to manipulate SQL queries through improperly neutralized user input. While no CVSS score or EPSS probability is available in the disclosed data, the blind SQL injection classification and the plugin's wide WordPress ecosystem adoption suggest moderate to high real-world risk, particularly if the vulnerability is easily triggerable and no authentication is required.
Missing Authorization vulnerability in AA-Team WZone.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in AA-Team WZone.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.