Vanguard Project: Security Vulnerabilities
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-05
Vanguard Marketplace Digital Products PHP has CSRF via /search.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-12-28
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-12-27
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVSS Score
8.8
EPSS Score
0.025
Published
2017-12-27