Vulnerabilities > Underconstruction Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-20 | CVE-2022-1895 | Unspecified vulnerability in Underconstruction Project Underconstruction The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 4.3 |
2022-06-20 | CVE-2022-1896 | Unspecified vulnerability in Underconstruction Project Underconstruction The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed. | 4.8 |