VYPR

igniteup

by WordPress

CVEs (5)

  • CVE-2019-17237HigNov 12, 2019
    risk 0.57cvss 8.8epss 0.01

    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.

  • CVE-2019-17234HigNov 12, 2019
    risk 0.49cvss 7.5epss 0.03

    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.

  • CVE-2019-17236MedNov 12, 2019
    risk 0.40cvss 6.1epss 0.01

    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.

  • CVE-2022-0898MedMay 9, 2022
    risk 0.35cvss 5.4epss 0.01

    The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues

  • CVE-2019-17235MedNov 12, 2019
    risk 0.35cvss 5.3epss 0.01

    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.