Vulnerabilities > Underconstruction Project

DATE | CVE | VULNERABILITY TITLE | RISK

2022-06-20 | CVE-2022-1895 | Unspecified vulnerability in Underconstruction Project Underconstruction | 4.3
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such action via a CSRF attack.
network, low complexity, underconstruction-project

2022-06-20 | CVE-2022-1896 | Unspecified vulnerability in Underconstruction Project Underconstruction | 4.8
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network, low complexity, underconstruction-project