Known Vulnerabilities for products from Cminds
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Cminds".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-46246 json | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request For... | Not Provided | 2025-04-22 | 2026-04-23 |
| CVE-2025-46245 json | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Reque... | Not Provided | 2025-04-22 | 2026-04-23 |
| CVE-2023-31228 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plug... | 4.8 - MEDIUM | 2023-08-18 | 2023-08-23 |
| CVE-2023-30750 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions ... | Not Provided | 2023-12-20 | 2026-04-28 |
| CVE-2023-28749 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-22 | 2023-11-27 |
| CVE-2023-25992 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions. | 4.8 - MEDIUM | 2023-03-23 | 2023-11-07 |
| CVE-2022-3076 json | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by ... | 7.2 - HIGH | 2022-09-26 | 2022-09-27 |
| CVE-2021-24678 json | The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which coul... | 5.4 - MEDIUM | 2021-10-04 | 2021-10-18 |
| CVE-2020-27344 json | The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | 6.1 - MEDIUM | 2020-10-21 | 2020-10-23 |
| CVE-2020-24146 json | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users t... | 8.1 - HIGH | 2021-07-07 | 2021-07-12 |
| CVE-2020-24145 json | Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allo... | 6.1 - MEDIUM | 2021-07-07 | 2021-07-09 |
| CVE-2016-1000132 json | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | 6.1 - MEDIUM | 2016-10-10 | 2021-10-12 |
| CVE-2014-9129 json | Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress a... | 6.8 - MEDIUM | 2014-12-05 | 2023-02-02 |
Known software with vulnerabilities from Cminds
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cminds | Cm Download Manager | 2.7.0 |
| Application | Cminds | Enhanced-tooltipglossary | 3.2.8 |