Vulnerabilities > Wpengine > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2024-09-04 | CVE-2024-45429 | Cross-site Scripting vulnerability in Wpengine Advanced Custom Fields | 6.1 (network, low complexity, wpengine, CWE-79)
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier.

2024-07-09 | CVE-2024-3563 | Cross-site Scripting vulnerability in Wpengine Genesis Blocks | 5.4 (network, low complexity, wpengine, CWE-79)
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.

2024-01-16 | CVE-2022-1563 | Unspecified vulnerability in Wpengine Wpgraphql | 5.3 (network, low complexity, wpengine)
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

2023-11-13 | CVE-2023-23684 | Server-Side Request Forgery (SSRF) vulnerability in Wpengine Wpgraphql | 6.5 (network, low complexity, wpengine, CWE-918)
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5.

2019-06-10 | CVE-2019-9881 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 | 5.3 (network, low complexity, wpengine, CWE-306)
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.