CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Underconstruction Project 1Underconstruction Nov 21, 2024 Jun 20, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting a...Show more |
1Underconstruction Project 1Underconstruction Nov 21, 2024 Jun 20, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack |
1Underconstruction Project 1Underconstruction Nov 21, 2024 Sep 1, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perf...Show more |
1Underconstruction Project 1Underconstruction May 6, 2026 Apr 10, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via u...Show more |