← Back

Ndk Design

ndk-design

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Ndkadvancedcustomizationfields
ndkadvancedcustomizationfields
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40841
1Ndk Design
1Ndkadvancedcustomizationfields
Apr 16, 2025
Dec 21, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter.
CVE-2022-40842
1Ndk Design
1Ndkadvancedcustomizationfields
Apr 29, 2025
Nov 22, 2022
N/A· v4
9.1 CRITICAL· v3
N/A· v2
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.
CVE-2022-40840
1Ndk Design
1Ndkadvancedcustomizationfields
May 2, 2025
Nov 2, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.
CVE-2022-40839
1Ndk Design
1Ndkadvancedcustomizationfields
May 6, 2025
Nov 1, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.