Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2024-43118

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.
0
0
Attacker Value
Unknown

CVE-2024-43117

Disclosure Date: August 26, 2024 (last updated September 19, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-32792

Disclosure Date: June 09, 2024 (last updated June 10, 2024)
Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.
0
0
Attacker Value
Unknown

CVE-2023-1478

Disclosure Date: April 10, 2023 (last updated October 08, 2023)
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0994

Disclosure Date: April 18, 2022 (last updated October 07, 2023)
The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0