Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Acurax Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1476 1 Acurax 1 Under Construction / Maintenance Mode 2025-03-04 N/A N/A
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.
CVE-2023-6922 1 Acurax 1 Under Construction \/ Maintenance Mode 2025-02-07 N/A 6.5 MEDIUM
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
CVE-2024-35749 1 Acurax 1 Under Construction \/ Maintenance Mode 2024-06-12 N/A 5.3 MEDIUM
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.
CVE-2023-39926 1 Acurax 1 Under Construction \/ Maintenance Mode 2023-11-23 N/A 6.1 MEDIUM
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.
CVE-2021-36843 1 Acurax 1 Floating Social Media Icon 2021-11-26 3.5 LOW 4.8 MEDIUM
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.
CVE-2018-6357 1 Acurax 1 Social Media Widget 2020-08-24 6.8 MEDIUM 8.8 HIGH
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.