74 matches found
CVE-2025-30910 WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects CM Download Manager: from n/a through = 2.9.6...
CVE-2025-30910 WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects CM Download Manager: from n/a through = 2.9.6...
CVE-2025-30910
CM Download Manager (WordPress plugin)
CVE-2025-24694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through = 1.7.6...
CVE-2025-24694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through = 1.7.6...
CVE-2025-24758
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through = 2.0.8...
CVE-2025-24694 WordPress Name: CM E-Mail Registration Blacklist plugin <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Email Registration Blacklist and Whitelist allows Reflected XSS. This issue affects CM Email Registration Blacklist and Whitelist: from n/a through 1.5.5...
CVE-2025-24694 WordPress CM Pop-Up Banners plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through = 1.7.6...
CVE-2025-24758 WordPress CM Map Locations plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.0.8...
CVE-2025-24694
CVE-2025-24694: Reflected XSS in CM E‑Mail Blacklist plugin for WordPress (CM E‑Mail Registration Blacklist and Whitelist) up to version 1.5.5. Public descriptions confirm improper input neutralization during web page generation as the root cause. Affected software is the CM E‑Mail Blacklist plug...
CVE-2024-54267
CVE-2024-54267 involves CM Answers (CreativeMindsSolutions) for WordPress. The CM Answers plugin has a Missing Authorization vulnerability that can be exploited due to incorrectly configured access control levels, affecting CM Answers versions up to 3.2.6 (inclusive of n/a). The CVSS 3.1 score is...
CVE-2024-54267 WordPress CM Answers plugin <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through = 3.2.6...
CVE-2024-48041
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through = 4.3.9...
CVE-2024-48041 WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9...
CVE-2024-48041
CVE-2024-48041 describes a stored XSS in the CM Tooltip Glossary WordPress plugin. The issue arises from improper neutralization of input during web page generation, allowing stored cross‑site scripting. Affected versions are CM Tooltip Glossary up to 4.3.9 ; the vulnerability is fixed in version...
CVE-2024-43149 WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7...
CVE-2024-43149
CM Tooltip Glossary (WordPress plugin) is affected by CVE-2024-43149 (Stored XSS). The vulnerability is authenticated and arises from improper input neutralization during web page generation, affecting versions up to 4.3.7. Patch: upgrade to 4.3.7 or newer (the fix is included in 4.3.7).
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10...
CVE-2023-30750 WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10...
CVE-2023-30750
CM Pop-Up banners for WordPress (CM Popup Plugin)