Vulnerabilities > Underconstruction Project > Underconstruction > 1.19
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-20 | CVE-2022-1895 | Cross-Site Request Forgery (CSRF) vulnerability in Underconstruction Project Underconstruction: The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack. | 4.3 |
2022-06-20 | CVE-2022-1896 | Cross-site Scripting vulnerability in Underconstruction Project Underconstruction: The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |