Skip to main content

Crowdsignal Dashboard

4 CVEs product

Monthly

CVE-2023-51489 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Crowdsignal Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51488 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Crowdsignal Dashboard
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-45069 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Crowdsignal Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2386 MEDIUM POC This Month

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Crowdsignal Dashboard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Crowdsignal Dashboard
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Crowdsignal Dashboard
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Crowdsignal Dashboard
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Crowdsignal Dashboard
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy