The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Open Redirect
Knock Knock
NVD
GitHub
CVSS 3.1
6.1
EPSS
0.7%
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Image Resizer
NVD
GitHub
CVSS 3.1
5.4
EPSS
0.5%