Filtered by vendor Wpmudev
Subscriptions
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25592 | 1 Wpmudev | 1 Broken Link Checker | 2025-01-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3. | ||||
| CVE-2024-9700 | 1 Wpmudev | 1 Forminator Forms | 2024-11-25 | 5.3 Medium |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. This makes it possible for unauthenticated attackers to modify other user's quiz submissions. | ||||
| CVE-2023-5949 | 1 Wpmudev | 1 Smartcrawl | 2024-11-21 | 7.5 High |
| The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. | ||||
| CVE-2022-1009 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2024-11-21 | 6.1 Medium |
| The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | ||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | N/A |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | ||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | N/A |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | ||||
| CVE-2015-10098 | 1 Wpmudev | 1 Broken Link Checker | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | ||||