Vulnerabilities > Acurax
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-16 | CVE-2023-39926 | Cross-site Scripting vulnerability in Acurax Under Construction / Maintenance Mode 2.6 Unauth. | 6.1 |
2021-11-26 | CVE-2021-36843 | Cross-site Scripting vulnerability in Acurax Floating Social Media Icon 4.3.5 Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. | 3.5 |
2018-01-27 | CVE-2018-6357 | Cross-Site Request Forgery (CSRF) vulnerability in Acurax Social Media Widget The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | 6.8 |