Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ideapush
(Northernbeacheswebsites)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-12-09 | CVE-2023-48774 | Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | Ideapush | N/A | ||
| 2024-12-03 | CVE-2024-11844 | The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy. | Ideapush | 4.3 | ||
| 2025-02-14 | CVE-2025-24607 | Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71. | Ideapush | 9.8 | ||
| 2024-10-06 | CVE-2024-44041 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.66. | Ideapush | 4.8 | ||
| 2023-11-08 | CVE-2023-47181 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions. | Ideapush | 4.8 | ||
| 2024-07-21 | CVE-2024-37461 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65. | Ideapush | 6.1 | ||
| 2024-07-22 | CVE-2024-37265 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.60. | Ideapush | 5.4 | ||
| 2024-10-20 | CVE-2024-49275 | Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69. | Ideapush | 8.8 |