Vulnerabilities > Bdtask
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-28991 | Forced Browsing vulnerability in Bdtask Multi Store Inventory Management System 1.0 Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. | 7.5 |
| 2022-05-20 | CVE-2022-28993 | Missing Authorization vulnerability in Bdtask Multi Store Inventory Management System 1.0 Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. | 9.8 |
| 2021-01-27 | CVE-2020-36012 | Cross-site Scripting vulnerability in Bdtask Multi-Store 1.0.0 Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. | 4.8 |
| 2020-06-22 | CVE-2020-13426 | Cross-Site Request Forgery (CSRF) vulnerability in Bdtask Multi-Scheduler 1.0.0 The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. | 6.5 |