CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “duckdev”

3 vulnerabilities found for “duckdev”

CVE-2024-9228

MEDIUM6.1

The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present.

duckdev / loggedin

Network

Published Oct 1, 2024

CVE-2021-4338

MEDIUM6.4

The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.

duckdev / 404_to_301

Network

Published Jun 7, 2023

CVE-2015-9323

CRITICAL9.8

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

duckdev / 404_to_301

Network

Published Aug 16, 2019