Aggregates CVE and security vulnerability intelligence across all designmodo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk ssrf and related problems; some flaws may lead to vendor impact unexpected behavior, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-40700 | Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M | [email protected] | 8.2 | 1.00% | 2024-01-19 | 2026-04-28 |
| CVE-2017-18598 | The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. | [email protected] | 6.1 | 1.93% | 2019-09-10 | 2024-11-21 |
| CVE-2018-20156 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. | [email protected] | 7.2 | 1.51% | 2018-12-14 | 2024-11-21 |
| CVE-2018-20155 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. | [email protected] | 4.3 | 0.78% | 2018-12-14 | 2024-11-21 |
| CVE-2018-20154 | The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. | [email protected] | 4.3 | 0.98% | 2018-12-14 | 2024-11-21 |