44 matches found
Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)
The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...
CVE-2013-2699
Cross-site request forgery CSRF vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors...
CVE-2013-2699
The CVE-2013-2699 entry concerns the WordPress underConstruction plugin (versions before 1.09). The vulnerability is a CSRF flaw that allows an attacker to hijack administrator authentication to deactivate the plugin via unspecified vectors, potentially disabling protection for the site. Affected...
WordPress underConstruction Plugin <= 1.08 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. Solution Update the plugin...