Filtered by vendor Wpmudev
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1009 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | |||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | |||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2019-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | |||||
| CVE-2019-9568 | 1 Wpmudev | 1 Forminator Contact Form\, Poll \& Quiz Builder | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | |||||
| CVE-2019-9567 | 1 Wpmudev | 1 Forminator Contact Form\, Poll \& Quiz Builder | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | |||||
| CVE-2017-15079 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | |||||