Filtered by vendor Cminds Subscriptions

Search

Switch to Advanced Search (Beta)
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5004 1 Cminds 1 Cm Popup 2024-11-21 4.8 Medium
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2023-30750 1 Cminds 1 Cm Popup 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.
CVE-2021-24678 1 Cminds 1 Tooltip Glossary 2024-11-21 5.4 Medium
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2020-27344 1 Cminds 1 Cm Download Manager 2024-11-21 6.1 Medium
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
CVE-2020-24146 1 Cminds 1 Cm Download Manager 2024-11-21 8.1 High
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
CVE-2020-24145 1 Cminds 1 Cm Download Manager 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
CVE-2024-5799 2 Cminds, Creativemindssolutions 2 Cm Popup, Cm Pop-up Banners 2024-09-26 4.8 Medium
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.