Filtered by vendor Vanguard Project Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15537 1 Vanguard Project 1 Vanguard 2024-11-21 6.1 Medium
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
CVE-2017-17937 1 Vanguard Project 1 Marketplace Digital Products Php 2024-11-21 N/A
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-17936 1 Vanguard Project 1 Marketplace Digital Products Php 2024-11-21 N/A
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVE-2017-17874 1 Vanguard Project 1 Marketplace Digital Products Php 2024-11-21 N/A
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVE-2017-17873 1 Vanguard Project 1 Marketplace Digital Products Php 2024-11-21 N/A
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.