VYPR
Vendor

Cminds

Products
5
CVEs
11
Across products
11
Status
Private

Products

5

Recent CVEs

11
  • CVE-2025-30910HigApr 1, 2025
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects CM Download Manager: from n/a through <= 2.9.6.

  • CVE-2023-30750HigDec 20, 2023
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.

  • CVE-2024-48041MedOct 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through <= 4.3.9.

  • CVE-2024-43149MedAug 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7.

  • CVE-2016-1000132MedOct 10, 2016
    risk 0.40cvss 6.1epss 0.04

    Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8

  • CVE-2025-46246MedApr 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request Forgery.This issue affects CM Answers: from n/a through <= 3.3.3.

  • CVE-2025-46245MedApr 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery.This issue affects CM Ad Changer: from n/a through <= 2.0.5.

  • CVE-2024-54267MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through <= 3.2.6.

  • CVE-2014-8877Dec 5, 2014
    risk 0.04cvss epss 0.15

    The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP…

  • CVE-2024-5026May 15, 2025
    risk 0.00cvss epss 0.00

    The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2014-9129Dec 5, 2014
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title…