Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
underconstruction project underconstruction vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-39320
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by ...
Underconstruction Project Underconstruction
4.8
CVSSv3
CVE-2022-1896
The underConstruction WordPress plugin prior to 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability ...
Underconstruction Project Underconstruction
4.3
CVSSv3
CVE-2022-1895
The underConstruction WordPress plugin prior to 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow malicious users to make a logged in admin perform such action via a CSRF attack
Underconstruction Project Underconstruction
NA
CVE-2013-2699
Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin prior to 1.09 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.
Underconstruction Project Underconstruction 1.07
Underconstruction Project Underconstruction
Underconstruction Project Underconstruction 1.05
Underconstruction Project Underconstruction 1.03
Underconstruction Project Underconstruction 1.06
Underconstruction Project Underconstruction 1.01
Underconstruction Project Underconstruction 1.0
Underconstruction Project Underconstruction 1.02
Underconstruction Project Underconstruction 1.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started