Vulnerabilities > Magazine3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-47318 | Missing Authorization vulnerability in Magazine3 PWA for WP & AMP Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72. | 8.8 |
| 2024-07-17 | CVE-2024-5582 | Cross-site Scripting vulnerability in Magazine3 Schema & Structured Data for WP & AMP The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-31 | CVE-2024-22146 | Cross-site Scripting vulnerability in Magazine3 Schema & Structured Data for WP & AMP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25. | 5.4 |
| 2024-01-11 | CVE-2023-6782 | Cross-site Scripting vulnerability in Magazine3 AMP for WP The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-12-19 | CVE-2023-35883 | Open Redirect vulnerability in Magazine3 Core web Vitals & Pagespeed Booster 1.0.12 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | 6.1 |
| 2023-11-30 | CVE-2023-48321 | Cross-site Scripting vulnerability in Magazine3 AMP for WP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1. | 5.4 |
| 2023-06-07 | CVE-2021-4354 | Unrestricted Upload of File with Dangerous Type vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. | 8.8 |
| 2023-06-07 | CVE-2021-4366 | Missing Authorization vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. | 4.3 |
| 2019-05-13 | CVE-2018-20838 | Cross-site Scripting vulnerability in Magazine3 AMP FOR WP ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS. | 3.5 |