Vulnerabilities in wpmudev

44 results

CVE-2023-4596CRITICALForminator <= 1.24.6 - Unauthenticated Arbitrary File UploadEPSS 12.7%CVE-2025-6463HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission DeletionEPSS 10.5%CVE-2025-14437HIGHHummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log FileEPSS 2.0%CVE-2022-2438HIGHBroken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR DeserializationEPSS 1.3%CVE-2023-6133MEDIUMForminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File UploadEPSS 0.9%CVE-2024-0368HIGHHustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API KeysEPSS 0.8%CVE-2026-5192HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'EPSS 0.8%CVE-2017-20206CRITICALAppointments <= 2.2.1 - Unauthenticated PHP Object InjectionEPSS 0.7%CVE-2024-7389HIGHForminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information ExposureEPSS 0.7%CVE-2026-11551CRITICALBranda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account TakeoverEPSS 0.6%CVE-2024-3287MEDIUMSmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing AuthorizationEPSS 0.6%CVE-2026-0911HIGHHustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module ImportEPSS 0.5%CVE-2025-14998CRITICALBranda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account TakeoverEPSS 0.5%CVE-2024-9371MEDIUMBranda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2024-1794HIGHForminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File UploadEPSS 0.5%CVE-2024-10402HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and CreationEPSS 0.5%CVE-2021-4425MEDIUMDefender Security <= 2.4.6 - Cross-Site Request Forgery BypassEPSS 0.5%CVE-2025-6464HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission DeletionEPSS 0.5%CVE-2024-8981HIGHBroken Link Checker <= 2.4.0 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2024-6554MEDIUMBranda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path DisclosureEPSS 0.5%

← previouspage 1 / 3next →