Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pickplugins Subscribe
Filtered by product Accordion
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24283 1 Pickplugins 1 Accordion 2021-05-21 3.5 LOW 5.4 MEDIUM
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
CVE-2020-13644 1 Pickplugins 1 Accordion 2020-05-28 3.5 LOW 5.4 MEDIUM
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.