Vulnerabilities > Wpmudev

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-43117 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Hummingbird
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.
network
low complexity
wpmudev CWE-352
8.8
2024-07-22 CVE-2024-37239 Cross-site Scripting vulnerability in Wpmudev Branda
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.
network
low complexity
wpmudev CWE-79
4.8
2024-06-21 CVE-2024-5191 Cross-site Scripting vulnerability in Wpmudev Branda
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping.
network
low complexity
wpmudev CWE-79
5.4
2024-01-08 CVE-2023-51490 Unspecified vulnerability in Wpmudev Defender Security
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
network
low complexity
wpmudev
7.5
2023-12-18 CVE-2023-5949 Missing Authorization vulnerability in Wpmudev Smartcrawl
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.
network
low complexity
wpmudev CWE-862
7.5
2023-10-16 CVE-2023-5089 Unspecified vulnerability in Wpmudev Defender Security
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
network
low complexity
wpmudev
5.3
2023-04-08 CVE-2015-10098 Unspecified vulnerability in Wpmudev Broken Link Checker
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress.
network
low complexity
wpmudev
6.1
2022-05-30 CVE-2022-1009 Unspecified vulnerability in Wpmudev Smush Image Compression and Optimization
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting.
network
low complexity
wpmudev
6.1
2019-08-14 CVE-2017-18511 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Custom Sidebars
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
network
low complexity
wpmudev CWE-352
8.8
2019-08-14 CVE-2017-18510 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Custom Sidebars 3.0.8.1
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
network
low complexity
wpmudev CWE-352
8.8