Vulnerabilities > Verbb > Knock Knock > 1.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-05-25 CVE-2020-13486 Open Redirect vulnerability in Verbb Knock
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
network
verbb CWE-601
5.8
5.8
2020-05-25 CVE-2020-13485 Incorrect Comparison vulnerability in Verbb Knock
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
network
low complexity
verbb CWE-697
6.4
6.4