Vulnerabilities (CVE)

Filtered by vendor Acurax Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-35749 1 Acurax 1 Under Construction \/ Maintenance Mode 2024-11-21 N/A 3.7 LOW
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.
CVE-2023-39926 1 Acurax 1 Under Construction \/ Maintenance Mode 2024-11-21 N/A 7.1 HIGH
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.
CVE-2021-36843 1 Acurax 1 Floating Social Media Icon 2024-11-21 3.5 LOW 4.8 MEDIUM
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.
CVE-2018-6357 1 Acurax 1 Social Media Widget 2024-11-21 6.8 MEDIUM 8.8 HIGH
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.