Vulnerabilities > Duckdev
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-9228 | Cross-site Scripting vulnerability in Duckdev Loggedin The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. | 6.1 |
| 2023-06-07 | CVE-2021-4338 | Missing Authorization vulnerability in Duckdev 404 to 301 The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. | 5.4 |
| 2019-08-16 | CVE-2015-9323 | SQL Injection vulnerability in Duckdev 404 to 301 The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. | 9.8 |