Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2022-1896 - Underconstruction Plugin

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.

PLUGIN Underconstruction

CVE-2022-1896

MEDIUM CVSS 4.8 2022-06-20

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1895 - Underconstruction Plugin

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack

PLUGIN Underconstruction

CVE-2022-1895

MEDIUM CVSS 4.3 2022-06-20

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2022-1896 - Underconstruction Plugin

CVE-2022-1895 - Underconstruction Plugin

Company Links

Contact Us