Vulnerabilities > Codeermeneer > Companion Auto Update > 3.0.3

DATE CVE VULNERABILITY TITLE RISK
2019-08-16 CVE-2018-20973 Improper Input Validation vulnerability in Codeermeneer Companion Auto Update
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
network
low complexity
codeermeneer CWE-20
7.5
7.5
2019-08-16 CVE-2018-20972 Cross-Site Request Forgery (CSRF) vulnerability in Codeermeneer Companion Auto Update
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. 		6.8
6.8