igniteup
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17237 | Hig | 0.57 | 8.8 | 0.01 | Nov 12, 2019 | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | ||
| CVE-2019-17234 | Hig | 0.49 | 7.5 | 0.03 | Nov 12, 2019 | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | ||
| CVE-2019-17236 | Med | 0.40 | 6.1 | 0.01 | Nov 12, 2019 | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | ||
| CVE-2022-0898 | Med | 0.35 | 5.4 | 0.01 | May 9, 2022 | The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | ||
| CVE-2019-17235 | Med | 0.35 | 5.3 | 0.01 | Nov 12, 2019 | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. |
- risk 0.57cvss 8.8epss 0.01
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
- risk 0.49cvss 7.5epss 0.03
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.
- risk 0.40cvss 6.1epss 0.01
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
- risk 0.35cvss 5.4epss 0.01
The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues
- risk 0.35cvss 5.3epss 0.01
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.