Aggregates CVE and security vulnerability intelligence across all vanguard_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15537 | An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | [email protected] | 6.1 | 0.17% | 2020-07-05 | 2024-11-21 |
| CVE-2017-17937 | Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | [email protected] | 6.1 | 0.22% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17936 | Vanguard Marketplace Digital Products PHP has CSRF via /search. | [email protected] | 8.8 | 0.12% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17874 | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | [email protected] | 8.8 | 2.39% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17873 | Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | [email protected] | 9.8 | 1.41% | 2017-12-27 | 2026-05-13 |