Vulnerabilities > Incsub > Hummingbird
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-10 | CVE-2023-1478 | Unspecified vulnerability in Incsub Hummingbird The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. | 9.8 |
| 2022-04-18 | CVE-2022-0994 | Cross-site Scripting vulnerability in Incsub Hummingbird The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 3.5 |