Optiontree Project: >> Optiontree >> 2.0.12 Security Vulnerabilities
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-22
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-22
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-22
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-20
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-20