GCVE - cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and

Approved changes feed: RSS · Atom

cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Tips And Tricks Hq (`51b2aeda-c511-5c79-ad82-e39635a8cf5d`)
Product	All In One Wordpress Security And Firewall (`750e5ee6-9606-5920-9fb0-5f4e5364f19a`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-33591`	vulnerable	2026-06-08 06:37:31.709045	WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability HIGH (7.5) Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10. Published: 2024-04-29T10:10:52.661Z Updated: 2026-04-28T16:09:44.145Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wordpress-easy-paypal-payment-or-donation-accept-plugin/wordpress-easy-accept-payments-for-paypal-plugin-4-9-10-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0895`	vulnerable	2026-06-08 05:06:24.276445	Details available Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. Published: 2015-03-07T02:00:00.000Z Updated: 2024-08-06T04:26:11.435Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/ http://jvn.jp/en/jp/JVN87204433/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-0894`	vulnerable	2026-06-08 05:06:24.276056	Details available SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: 2015-03-07T02:00:00.000Z Updated: 2024-08-06T04:26:11.352Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/ http://jvn.jp/en/jp/JVN30832515/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000037	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-6242`	vulnerable	2026-06-08 05:05:56.895483	Details available Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. Published: 2014-10-02T14:00:00.000Z Updated: 2024-08-06T12:10:12.730Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog http://www.exploit-db.com/exploits/34781 http://www.securityfocus.com/bid/70150 https://www.htbridge.com/advisory/HTB23231	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

All In One Wordpress Security And Firewall

PURL mappings

Vulnerability references

Contribute