This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Helloasso First view 2024-07-21
Product Helloasso Last view 2024-11-01
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software wordpress  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:helloasso:helloasso

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2024-11-01 CVE-2024-44052

Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.

4.3 2024-09-05 CVE-2024-7605

The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service.

5.4 2024-07-21 CVE-2024-37488

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9.