Lucene search
K

44 matches found

WPVulnDB
WPVulnDB
added 2021/01/20 12:0 a.m.13 views

Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)

The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...

0.3AI score
Exploits0References2Affected Software1
NVD
NVD
added 2014/04/10 8:29 p.m.15 views

CVE-2013-2699

Cross-site request forgery CSRF vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors...

6.8CVSS7.1AI score0.01118EPSS
Exploits0References3
CVE
CVE
added 2014/04/10 2:0 p.m.43 views

CVE-2013-2699

The CVE-2013-2699 entry concerns the WordPress underConstruction plugin (versions before 1.09). The vulnerability is a CSRF flaw that allows an attacker to hijack administrator authentication to deactivate the plugin via unspecified vectors, potentially disabling protection for the site. Affected...

6.8CVSS7.3AI score0.01118EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2013/03/26 12:0 a.m.15 views

WordPress underConstruction Plugin <= 1.08 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. Solution Update the plugin...

6.8CVSS6.1AI score0.01118EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder