Skip to main content

Wp Fusion

2 CVEs product

Monthly

CVE-2021-34661 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Wp Fusion
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2021-34660 MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Wp Fusion
NVD
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 4.7
MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy