Wpmudev

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25592 1Wpmudev 1Broken Link Checker Apr 28, 2026 Mar 15, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.
CVE-2024-0368 1Wpmudev 1Hustle Apr 8, 2026 Mar 13, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possibl...Show more The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.Show less
CVE-2023-51490 1Wpmudev 1Defender Security Apr 28, 2026 Jan 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security &...Show more Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.Show less
CVE-2023-5949 1Wpmudev 1Smartcrawl Nov 21, 2024 Dec 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.
CVE-2023-5089 1Wpmudev 1Defender Security Apr 23, 2025 Oct 16, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide...Show more The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.Show less
CVE-2021-4425 1Wpmudev 1Defender Security Apr 8, 2026 Jul 12, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function...Show more The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2015-10098 1Wpmudev 1Broken Link Checker Nov 21, 2024 Apr 8, 2023 N/A· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_ge...Show more A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.Show less
CVE-2022-1009 1Wpmudev 1Smush Image Compression And Optimization Nov 21, 2024 May 30, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site...Show more The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration fileShow less
CVE-2017-18511 1Wpmudev 1Custom Sidebars Nov 21, 2024 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
CVE-2017-18510 1Wpmudev 1Custom Sidebars Nov 21, 2024 Aug 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
CVE-2017-15079 1Wpmudev 1Smush Image Compression And Optimization May 13, 2026 Oct 6, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.

Previous 12