CVE-2024-9371
- EPSS 0.79%
- Veröffentlicht 21.11.2024 11:15:36
- Zuletzt bearbeitet 21.11.2024 13:57:24
The Branda – White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3....
CVE-2024-37239
- EPSS 0.08%
- Veröffentlicht 22.07.2024 10:15:08
- Zuletzt bearbeitet 21.11.2024 09:23:27
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.
CVE-2024-6554
- EPSS 0.42%
- Veröffentlicht 11.07.2024 04:15:06
- Zuletzt bearbeitet 21.11.2024 09:49:52
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to th...
CVE-2024-5191
- EPSS 0.27%
- Veröffentlicht 21.06.2024 07:15:10
- Zuletzt bearbeitet 21.11.2024 09:47:09
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and ...
CVE-2023-51542
- EPSS 0.08%
- Veröffentlicht 04.06.2024 13:15:49
- Zuletzt bearbeitet 21.11.2024 08:38:20
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14.