Vulnerabilities > Wpmudev
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-17 | CVE-2024-9351 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | 4.3 |
| 2024-10-17 | CVE-2024-9352 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | 4.3 |
| 2024-08-26 | CVE-2024-43117 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Hummingbird Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. | 8.8 |
| 2024-07-22 | CVE-2024-37239 | Cross-site Scripting vulnerability in Wpmudev Branda Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17. | 4.8 |
| 2024-06-21 | CVE-2024-5191 | Cross-site Scripting vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-15 | CVE-2024-25592 | Unspecified vulnerability in Wpmudev Broken Link Checker Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3. | 4.8 |
| 2024-01-08 | CVE-2023-51490 | Unspecified vulnerability in Wpmudev Defender Security Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | 7.5 |
| 2023-12-18 | CVE-2023-5949 | Missing Authorization vulnerability in Wpmudev Smartcrawl The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. | 7.5 |
| 2023-10-16 | CVE-2023-5089 | Unspecified vulnerability in Wpmudev Defender Security The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. | 5.3 |
| 2023-04-08 | CVE-2015-10098 | Unspecified vulnerability in Wpmudev Broken Link Checker A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. | 6.1 |