Vulnerabilities > Cminds

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-22	CVE-2025-46245	Cross-Site Request Forgery (CSRF) vulnerability in Cminds CM AD Changer Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. network low complexity cminds CWE-352	8.8
2025-04-22	CVE-2025-46246	Cross-Site Request Forgery (CSRF) vulnerability in Cminds CM Answers Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. network low complexity cminds CWE-352	8.8
2024-09-12	CVE-2024-5799	Cross-site Scripting vulnerability in Cminds CM Popup The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks. network low complexity cminds CWE-79	4.8
2024-07-22	CVE-2024-5004	Cross-site Scripting vulnerability in Cminds CM Popup The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks network low complexity cminds CWE-79	4.8
2023-12-20	CVE-2023-30750	Unspecified vulnerability in Cminds CM Popup 1.5.10/1.5.8/1.5.9 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. network low complexity cminds	8.1
2023-11-22	CVE-2023-28749	Unspecified vulnerability in Cminds CM on Demand Search and Replace Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. network low complexity cminds	8.8
2023-08-18	CVE-2023-31228	Unspecified vulnerability in Cminds CM on Demand Search and Replace Auth. network low complexity cminds	4.8
2023-03-23	CVE-2023-25992	Unspecified vulnerability in Cminds CM Answers Auth. network low complexity cminds	4.8
2022-09-26	CVE-2022-3076	Unspecified vulnerability in Cminds CM Download Manager The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. network low complexity cminds	7.2
2021-10-04	CVE-2021-24678	Cross-site Scripting vulnerability in Cminds Tooltip Glossary The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks network low complexity cminds CWE-79	5.4

Vulnerabilities > Cminds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cminds"}]}

Vulnerabilities > Cminds