Skip to main content

Igniteup

5 CVEs product

Monthly

CVE-2022-0898 MEDIUM POC This Month

The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Igniteup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17237 HIGH POC This Week

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Igniteup
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-17236 MEDIUM POC This Month

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Igniteup
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17235 MEDIUM POC This Month

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Information Disclosure PHP Igniteup
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-17234 HIGH POC This Week

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Igniteup
NVD
CVSS 3.1
7.5
EPSS
3.2%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Igniteup
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy