Option Tree
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15321 | Cri | 0.64 | 9.8 | 0.02 | Aug 22, 2019 | The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | ||
| CVE-2019-15320 | Cri | 0.64 | 9.8 | 0.02 | Aug 22, 2019 | The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. | ||
| CVE-2019-15319 | Cri | 0.64 | 9.8 | 0.02 | Aug 22, 2019 | The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | ||
| CVE-2016-10895 | Med | 0.40 | 6.1 | 0.01 | Aug 20, 2019 | The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. | ||
| CVE-2015-9320 | Med | 0.40 | 6.1 | 0.01 | Aug 20, 2019 | The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. |
- risk 0.64cvss 9.8epss 0.02
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
- risk 0.64cvss 9.8epss 0.02
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
- risk 0.64cvss 9.8epss 0.02
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
- risk 0.40cvss 6.1epss 0.01
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
- risk 0.40cvss 6.1epss 0.01
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.