cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-1896,https://securityvulnerability.io/vulnerability/CVE-2022-1896,underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting,"The underConstruction WordPress plugin before 1.21 does not sanitise or escape the ""Display a custom page using your own HTML"" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Underconstruction,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-06-20T10:26:16.000Z,0
CVE-2022-1895,https://securityvulnerability.io/vulnerability/CVE-2022-1895,underConstruction < 1.20 - Construction Mode Deactivation via CSRF,"The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack",Wordpress,Underconstruction,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-06-20T10:26:14.000Z,0
CVE-2021-39320,https://securityvulnerability.io/vulnerability/CVE-2021-39320,underConstruction <= 1.18 - Reflected Cross-Site Scripting,"The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.",Wordpress,Underconstruction,6.1,MEDIUM,0.12307000160217285,false,,false,false,false,,false,false,2021-09-01T15:15:00.000Z,0
CVE-2013-2699,https://securityvulnerability.io/vulnerability/CVE-2013-2699,,Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors.,Wordpress,Underconstruction,,,0.0015699999639764428,false,,false,false,false,,false,false,2014-04-10T14:00:00.000Z,0