Skip to main content

Knock Knock

2 CVEs product

Monthly

CVE-2020-13486 PHP MEDIUM PATCH This Month

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Knock Knock
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13485 PHP CRITICAL POC PATCH Act Now

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Knock Knock
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Knock Knock
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Knock Knock
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy