Vulnerabilities > Wpmudev > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-37239 | Cross-site Scripting vulnerability in Wpmudev Branda Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17. | 4.8 |
| 2024-07-11 | CVE-2024-6554 | Unspecified vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. | 5.3 |
| 2024-06-21 | CVE-2024-5191 | Cross-site Scripting vulnerability in Wpmudev Branda The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-10-16 | CVE-2023-5089 | Unspecified vulnerability in Wpmudev Defender Security The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. | 5.3 |
| 2023-07-12 | CVE-2021-4425 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Defender Security The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. | 4.3 |
| 2023-04-08 | CVE-2015-10098 | Cross-site Scripting vulnerability in Wpmudev Broken Link Checker A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. | 6.1 |
| 2022-05-30 | CVE-2022-1009 | Cross-site Scripting vulnerability in Wpmudev Smush Image Compression and Optimization The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. | 4.3 |
| 2019-08-14 | CVE-2017-18511 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Custom Sidebars The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | 6.8 |
| 2019-08-14 | CVE-2017-18510 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Custom Sidebars 3.0.8.1 The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | 6.8 |
| 2017-10-06 | CVE-2017-15079 | Path Traversal vulnerability in Wpmudev Smush Image Compression and Optimization The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 5.0 |