Vulnerabilities > CM WP

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2020-36759 Cross-Site Request Forgery (CSRF) vulnerability in Cm-Wp Woody Code Snippets
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9.
network
low complexity
cm-wp CWE-352
4.3
2023-03-13 CVE-2023-0477 Unrestricted Upload of File with Dangerous Type vulnerability in Cm-Wp Auto Featured Image
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files.
network
low complexity
cm-wp CWE-434
8.8
2021-12-13 CVE-2021-24932 Cross-site Scripting vulnerability in Cm-Wp Auto Featured Image
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.
network
cm-wp CWE-79
4.3
2021-04-05 CVE-2021-24196 Cross-site Scripting vulnerability in Cm-Wp Social Slider Widget
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
network
low complexity
cm-wp CWE-79
5.4