Vulnerabilities > Cmscommander

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-07	CVE-2023-3492	Unspecified vulnerability in Cmscommander WP Shopping Pages 1.14 The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. network low complexity cmscommander	6.8
2023-06-20	CVE-2023-3325	Insufficient Entropy vulnerability in Cmscommander CMS Commander The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. network low complexity cmscommander CWE-331 critical	9.8

Vulnerabilities > Cmscommander {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cmscommander"}]}