Summary
Detail | |||
---|---|---|---|
Vendor | Helloasso | First view | 2024-07-21 |
Product | Helloasso | Last view | 2024-11-01 |
Version | * | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | wordpress | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:helloasso:helloasso |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2024-11-01 | CVE-2024-44052 | Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10. |
4.3 | 2024-09-05 | CVE-2024-7605 | The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service. |
5.4 | 2024-07-21 | CVE-2024-37488 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.9. |