Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2022-0898

Disclosure Date: May 09, 2022 (last updated October 07, 2023)
The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17234

Disclosure Date: November 12, 2019 (last updated November 27, 2024)
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17236

Disclosure Date: November 12, 2019 (last updated November 27, 2024)
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17237

Disclosure Date: November 12, 2019 (last updated November 27, 2024)
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17235

Disclosure Date: November 12, 2019 (last updated November 27, 2024)
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0