Vanguard Project
vanguard_project
5 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Vanguard Marketplace Digital Products PHP has CSRF via /search. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 27, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |