includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.
7.5CVSS
7.8AI Score
0.001EPSS
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.
5.3CVSS
5.8AI Score
0.001EPSS
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
6.1CVSS
6.8AI Score
0.001EPSS
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
8.8CVSS
8.7AI Score
0.001EPSS
The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues
5.4CVSS
5.1AI Score
0.001EPSS