Vulnerabilities > Patreon > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2023-41387 SQL Injection vulnerability in Patreon Flutter Downloader
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container.
network
low complexity
patreon CWE-89
critical
 9.1
9.1
2021-04-12 CVE-2021-24229 Cross-site Scripting vulnerability in Patreon Wordpress
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2.
network
low complexity
patreon CWE-79
critical
 9.6
9.6
2021-04-12 CVE-2021-24228 Cross-site Scripting vulnerability in Patreon Wordpress
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2.
network
low complexity
patreon CWE-79
critical
 9.6
9.6
2019-08-22 CVE-2018-20984 Deserialization of Untrusted Data vulnerability in Patreon Wordpress
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.
network
low complexity
patreon CWE-502
critical
 9.8
9.8