Cminds

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5026 1Cminds 1Cm Tooltip Glossary Jun 10, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the u...Show more The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2025-46246 1Cminds 1Cm Answers Apr 23, 2026 Apr 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request Forgery.This issue affects CM Answers: from n/a through <= 3.3.3.
CVE-2025-46245 1Cminds 1Cm Ad Changer Apr 23, 2026 Apr 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery.This issue affects CM Ad Changer: from n/a through <= 2.0.5.
CVE-2024-5029 1Cminds 1Cm Table Of Contents May 15, 2025 Nov 21, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored...Show more The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-5030 1Cminds 1Cm Table Of Contents May 15, 2025 Nov 18, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2024-5799 1Cminds 1Cm Popup Sep 26, 2024 Sep 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
CVE-2024-5004 1Cminds 1Cm Popup Nov 21, 2024 Jul 22, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripti...Show more The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-5167 1Cminds 1Cm E Mail Blacklist May 13, 2025 Jul 13, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in ad...Show more The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attackShow less
CVE-2024-5028 1Cminds 1Cm Search And Replace May 13, 2025 Jul 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-1962 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
CVE-2024-1232 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack
CVE-2024-1231 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack
CVE-2023-30750 1Cminds 1Cm Popup Apr 28, 2026 Dec 20, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a throug...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.Show less
CVE-2023-28749 1Cminds 1Cm Search And Replace Jan 23, 2026 Nov 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2023-31228 1Cminds 1Cm Search And Replace Jan 23, 2026 Aug 18, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2023-25992 1Cminds 1Cm Answers Nov 21, 2024 Mar 23, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.
CVE-2022-3076 1Cminds 1Cm Download Manager May 22, 2025 Sep 26, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite...Show more The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.Show less
CVE-2021-24713 1Cminds 2Video Lessons Manager Video Lessons Manager Pro Jan 23, 2026 Nov 23, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privileg...Show more The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacksShow less
CVE-2021-24678 1Cminds 1Tooltip Glossary Nov 21, 2024 Oct 4, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2020-24146 1Cminds 1Cm Download Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a...Show more Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.Show less

12 Next