GCVE - cpe:2.3:a:tipsandtricks-hq:all_in_one_wp_security_\&

Approved changes feed: RSS · Atom

cpe:2.3:a:tipsandtricks-hq:all_in_one_wp_security_\&_firewall:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Tipsandtricks Hq (`526308cc-12ad-5324-8e9d-ae125b4b0839`)
Product	All In One Wp Security & Firewall (`4f1561d9-1dfc-542c-83de-50bf927d62da`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-44737`	vulnerable	2026-06-03 14:48:17.877949	WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities MEDIUM (6.5) Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. Published: 2022-11-22T16:00:10.628Z Updated: 2026-04-28T16:07:51.676Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/all-in-one-wp-security-and-firewall/wordpress-all-in-one-wp-security-plugin-5-1-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25102`	vulnerable	2026-06-03 14:44:04.429133	All In One WP Security < 4.4.11 - Authenticated Reflected Cross-Site Scripting The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk Published: 2022-05-02T16:05:32.000Z Updated: 2024-08-03T19:56:10.670Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/9b8a00a6-622b-4309-bbbf-fe2c7fc9f8b6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10888`	vulnerable	2026-06-03 14:35:29.890185	Details available The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. Published: 2019-08-14T15:19:24.000Z Updated: 2024-08-06T03:38:56.762Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10887`	vulnerable	2026-06-03 14:35:29.889902	Details available The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. Published: 2019-08-14T15:20:27.000Z Updated: 2024-08-06T03:38:56.578Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10868`	vulnerable	2026-06-03 14:35:29.865681	Details available The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. Published: 2019-08-13T16:53:00.000Z Updated: 2024-08-06T03:38:56.577Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10867`	vulnerable	2026-06-03 14:35:29.865385	Details available The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. Published: 2019-08-13T17:52:16.000Z Updated: 2024-08-06T03:38:56.601Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers https://wpvulndb.com/vulnerabilities/9736	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10866`	vulnerable	2026-06-03 14:35:29.864986	Details available The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. Published: 2019-08-13T17:52:45.000Z Updated: 2024-08-06T03:38:56.494Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9310`	vulnerable	2026-06-03 14:35:19.597919	Details available The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. Published: 2019-08-14T15:17:55.000Z Updated: 2024-08-06T08:43:42.430Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9294`	vulnerable	2026-06-03 14:35:19.580674	Details available The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. Published: 2019-08-13T16:51:48.000Z Updated: 2024-08-06T08:43:42.399Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9293`	vulnerable	2026-06-03 14:35:19.580288	Details available The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. Published: 2019-08-13T16:52:23.000Z Updated: 2024-08-06T08:43:42.413Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

All In One Wp Security & Firewall

PURL mappings

Vulnerability references

Contribute