Vulnerabilities > Kaswara Project

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2021-4448 Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions.
network
low complexity
kaswara-project CWE-862
critical
9.8
2021-05-14 CVE-2021-24284 Unspecified vulnerability in Kaswara Project Kaswara 3.0.1
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action.
network
low complexity
kaswara-project
critical
9.8