Medium 4.3 Unfixed
2026-04-17≤ 3.1.1
Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification
Canto
Minimum safe version
3.0.9
Update to 3.0.9 or later to address 7 fixable vulnerabilities
Latest available3.1.2 ✓Affected up to2.1.1 ⚠⚠ 2 vulnerabilities have no fix
N/A Unfixed
2026-03-20≤ 3.1.1
Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload
Critical 9.8
2024-06-14< 3.0.9
CVE-2024-4936
Critical 10.0
2024-04-03< 3.0.7
CVE-2024-25096
Critical 9.8
2023-08-12< 3.0.5
CVE-2023-3452
N/A
2020-12-01< 1.7.1
WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability
High 7.2
2020-11-30≤ 2.1.1
Canto <= 1.9.0 - Blind Server-Side Request Forgery via download.php
Medium 5.3
2020-11-30< 2.0.1
CVE-2020-28978
Medium 5.3
2020-11-30< 2.0.1
CVE-2020-28977
Medium 5.3
2020-12-04< 2.0.1
Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php