Wpmudev CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-1009	1 Wpmudev	1 Smush Image Compression And Optimization	2024-11-21	6.1 Medium
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file
CVE-2021-4425	1 Wpmudev	1 Defender Security	2024-11-21	4.3 Medium
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2017-18511	1 Wpmudev	1 Custom Sidebars	2024-11-21	N/A
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
CVE-2017-18510	1 Wpmudev	1 Custom Sidebars	2024-11-21	N/A
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
CVE-2015-10098	1 Wpmudev	1 Broken Link Checker	2024-11-21	3.5 Low
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.
CVE-2024-43117	1 Wpmudev	1 Hummingbird	2024-09-18	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.

« first previous Page 3 of 3.