Filtered by vendor Cminds
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24678 | 1 Cminds | 1 Tooltip Glossary | 2024-11-21 | 5.4 Medium |
| The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2020-27344 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | ||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 8.1 High |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | ||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | ||||
| CVE-2024-5799 | 2 Cminds, Creativemindssolutions | 2 Cm Popup, Cm Pop-up Banners | 2024-09-26 | 4.8 Medium |
| The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks. | ||||