Underconstruction Project Underconstruction — known CVE vulnerabilities
Every CVE whose affected-product data names Underconstruction Project Underconstruction, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2013-2699 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack…
CVE-2021-39320 — CVSS 6.1 (medium): The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain…
CVE-2022-1896 — CVSS 4.8 (medium): The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting…
CVE-2022-1895 — CVSS 4.3 (medium): The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could…