Skip to main content

Ndkadvancedcustomizationfields

4 CVEs product

Monthly

CVE-2022-40841 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40842 CRITICAL POC Act Now

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-40840 MEDIUM POC This Month

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40839 HIGH POC This Week

A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ndkadvancedcustomizationfields
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ndkadvancedcustomizationfields
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy