5 matches found
CVE-2019-17234
The CVE concerns the WordPress IgniteUp plugin (versions up to 3.4). The vulnerability stems from deleteTemplate() in includes/class-coming-soon-creator.php, which is hooked to admin_init and accepts a POST parameter delete_template without proper authorization checks. It builds a path to the plu...
CVE-2019-17236
CVE-2019-17236 affects the WordPress IgniteUp plugin (up to version 3.4). The vulnerability is a stored XSS in includes/class-coming-soon-creator.php. Impact details are limited to stored XSS per sources; exploitation details are not provided in the documents. Remediation: upgrade to a fixed vers...
CVE-2022-0898
CVE-2022-0898 affects the IgniteUp WordPress plugin up to version 3.4.1. The vulnerability arises from insufficient sanitization/escaping of certain fields when high-privilege users lack the unfiltered_html capability, enabling a Stored Cross-Site Scripting (XSS) scenario on admin-facing template...
CVE-2019-17237
CVE-2019-17237 affects the WordPress IgniteUp plugin (up to v3.4). The vulnerability is a CSRF flaw in includes/class-coming-soon-creator.php, allowing unauthorized actions via CSRF. Evidence from multiple feeds confirms the plugin versions impacted ( IgniteUp
CVE-2019-17235
CVE-2019-17235 affects the WordPress IgniteUp plugin up to version 3.4. The issue is in includes/class-coming-soon-creator.php and leads to information disclosure. Exploitation details are not provided in the documents; the impact is disclosure of sensitive information. Remediation: upgrade to a ...