Vulnerabilities > Wpengine > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-04 | CVE-2024-45429 | Cross-site Scripting vulnerability in Wpengine Advanced Custom Fields Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. | 6.1 |
2024-07-09 | CVE-2024-3563 | Cross-site Scripting vulnerability in Wpengine Genesis Blocks The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-01-16 | CVE-2022-1563 | Unspecified vulnerability in Wpengine Wpgraphql The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | 5.3 |
2023-11-13 | CVE-2023-23684 | Server-Side Request Forgery (SSRF) vulnerability in Wpengine Wpgraphql Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | 6.5 |
2019-06-10 | CVE-2019-9881 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | 5.3 |