Underconstruction Security Vulnerabilities and Issues — Underconstruction CVE List

Lucene search

Underconstruction ProjectUnderconstruction

4 matches found

CVE•added 2022/06/20 11:15 a.m.•58 views

CVE-2022-1896

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.

4.8CVSS4.7AI score0.00195EPSS

CVE•added 2022/06/20 11:15 a.m.•55 views

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack

4.3CVSS4.4AI score0.00106EPSS

CVE•added 2021/09/01 3:15 p.m.•47 views

CVE-2021-39320

The underConstruction plugin

6.1CVSS6AI score0.13936EPSS

CVE•added 2014/04/10 8:29 p.m.•33 views

CVE-2013-2699

Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.

6.8CVSS7.3AI score0.00179EPSS