Lucene search

Vanguard Project Security Vulnerabilities

cve

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

9.8CVSS

9.8AI Score

0.003EPSS

2017-12-27 05:08 PM

cve

CVE-2017-17874

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

8.8CVSS

8.7AI Score

0.005EPSS

2017-12-27 05:08 PM

cve

CVE-2017-17936

Vanguard Marketplace Digital Products PHP has CSRF via /search.

8.8CVSS

8.7AI Score

0.001EPSS

2017-12-28 06:29 AM

cve

CVE-2017-17937

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

6.1CVSS

6AI Score

0.001EPSS

2017-12-28 06:29 AM

cve

CVE-2020-15537

An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.

6.1CVSS

5.9AI Score

0.021EPSS

2020-07-05 04:15 PM