Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
12067.8%CRITICAL

Related CVEs

2
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2021-4448The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.CRITICAL9.867.8%Oct 16, 2024
CVE-2021-24284The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.CRITICAL9.8May 14, 2021