Vulnerabilities (CVE)

Filtered by vendor Vanguard Project Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15537 1 Vanguard Project 1 Vanguard 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
CVE-2017-17873 1 Vanguard Project 1 Marketplace Digital Products Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17936 1 Vanguard Project 1 Marketplace Digital Products Php 2024-02-28 6.8 MEDIUM 8.8 HIGH
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVE-2017-17937 1 Vanguard Project 1 Marketplace Digital Products Php 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-17874 1 Vanguard Project 1 Marketplace Digital Products Php 2024-02-28 6.5 MEDIUM 8.8 HIGH
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.